In an age of technology, cyber-attacks are becoming more prevalent, more frequent and more threatening than ever before. Now that the majority of institutions, particularly in the financial sector, are opting to transform their operations via new digital channels, automation and other advanced technologies, the dangers to companies are significantly heightened.
As a result, Turnerlittle.com sought to find out how cybersecurity threats have increased in recent years, and what companies are, and should, be doing to prevent cyber-attacks. With the sudden increase in the frequency and scope of cyber-attacks around the world, new and impending regulations, have already prompted some of the financial sector’s biggest names to review their cyber security plans.
In a recent Ernst & Young report, more than half of respondents (53 per cent) say their cyber security budget has increased over the last year. Cyber security is becoming a number 1 priority for businesses in 2018, many companies understand that cybersecurity is a major risk, perhaps even the number one priority; particularly for technology-heavy companies.
Cyber risks are constantly changing and are difficult to keep up with, which can be destructive. Unfortunately, no business can completely protect itself from a cyber-attack, but they can implement plans and strategies to help prevent breaches from occurring.
For many companies, customer data is paramount, with a staggering 65 per cent of businesses citing customer personal and identifiable information as the most valuable asset to protect, while 36 per cent cite customer passwords.
Turnerlittle.com found that these were followed by:
- Company financial information –19.5 per cent
- Corporate strategic plans –18.4 per cent
- Senior executive/board member personal information –15.1 per cent
- Information exchanged during M&A activities –11.5 per cent
- Patented intellectual property (IP) –10.1 per cent
- R&D information –9.6 per cent
- Non-patented IP –8.3 per cent
- Supplier/vendor identifiable information –4.2 per cent
Turnerlittle.com found, at present, there is a shortage of individuals with the skills and know-how to deal with cybersecurity threats in business. Analysis of EY’s report can reveal that at all levels, there is a lack of training regarding how cyber risk should be handled in day-to-day business life.
Companies must increase cyber security awareness training, whilst instilling an understanding of how cyber risks can impact different roles and individual projects, as well as harming overall businesses (e.g. impacting corporate reputation, business acquisition and client retention).
Analysing a 2017 report by Gov.uk, more than the last 12 months, some businesses are trying to offer cyber security training, either internally or externally. Although, from the report, Turner Little concluded that training must be more accessible.
The following companies pursuing cyber security training:
- Small firms –25 per cent
- Medium firms –43 per cent
- Large firms –63 per cent
- Within finance/insurance–49 per cent
- Within info/ communications/utilities –41 per cent
Of these companies, the employees who attend the training courses varies. Unsurprisingly, IT staff had the highest attendance (79 per cent), followed by directors or senior management staff (59 per cent), staff members whose job role includes information security or governance (47 per cent) and other staff who aren’t cyber security or IT specialists (29 per cent).
The ‘cost’ of a cyber breach is more than just money… Cyber security can be expensive for companies; particularly those that are deemed ‘small’.
According to Gov.uk, the mean spend on cyber security of all businesses in the UK is £4,590, and for large businesses, the mean spend reaches a staggering £387,000. However, it is worth it in the long run, as the average cost of breaches to all businesses in the UK reached £1,570 in the last 12 months –and £19,600 for large firms.
James Turner, managing director of Turnerlittle.com comments, ‘Cyber security is something every business must be investing in. In this day and age, with the increases in technology and software, businesses are constantly under attack from hackers – both big and small. It is vital companies assess their cyber security plans continuously to ensure all data is secure.’
He adds, ‘Despite the cost, it is important to ensure that all employees understand how dangerous cyber breaches can be, and what their costs are –particularly in larger firms where the aftermath can be highly detrimental to the company’s reputation and client retention.’