Today, cyber-attacks are becoming more prevalent, more frequent and more threatening than ever before. Now that the majority of financial institutions are opting to transform their operations by using new digital channels, automation and other advanced technologies, the dangers to companies are considerably heightened. Utilising a report from Ernst and Young (EY), Turnerlittle.com sought to find out how cyber security threats have increased in recent years, and what companies are, and should, be doing to prevent cyber-attacks.
With the sudden increase in the frequency and scope of cyber-attacks around the world, new and impending regulations are already encouraging some of the financial sector’s biggest names to review their cyber security plans. In an EY survey, Turner Little analysed that, staggeringly, more than half of respondents (53%) admitted that their cyber security budget has increased over the last year due to more recent demands needed for protection.
Photo credit: Rawpixel.com/Shutterstock
In an age where we are so consumed with technology, companies are beginning to understand that cyber security is a major risk, perhaps even a number one priority. But, unfortunately, no business can completely protect itself from a cyber-attack. Companies can implement plans and strategies to help prevent breaches from occurring, or being too damaging to a company’s reputation.
Cyber risks are constantly changing and are difficult to keep up with, which can be destructive. Therefore, deciding what areas are ‘critical’ for protection can be a challenging process for any big company, as attacks are becoming increasingly complex and the lines of attack are shifting each day. For many companies, customer data is at the forefront, with a staggering 65% of businesses citing customer personal and identifiable information as the most valuable asset to protect, while 36% cited customer passwords.
Turnerlittle.com found the following business assets to be the next most important to protect for cyber security:
- Company financial information – 19.5%
- Corporate strategic plans – 18.4%
- Senior executive/board member personal information – 15.1%
- Information exchanged during M&A activities – 11.5%
- Patented intellectual property (IP) – 10.1%
- R&D information – 9.6%
- Non-patented IP – 8.3%
- Supplier/vendor identifiable information – 4.2%
Photo credit: supimol kumying/Shutterstock
Turnerlittle.com found that, at present, there is a low skill set shortage in the cyber security field. Unfortunately, at all levels, there is a lack of training regarding how cyber risks should be handled in day-to-day business life. As a result, companies need to increase cyber security awareness training, whilst instilling an understanding of how cyber risks can impact different roles and projects, as well as overall businesses.
Turner Little analysed a 2017 report by Gov.uk and found that over the last 12 months, some businesses are attempting to ensure cyber security training, either internal or external, is offered to all employees. Although, from the report, Turner Little concluded that training must be more accessible.
Some of the results conclude:
- Small firms – 25%
- Medium firms – 43%
- Large firms – 63%
- Within finance/insurance – 49%
- Within info/ communications/utilities – 41%
Photo credit: everything possible/Shutterstock
Of these companies, the employees who attend the training courses varies. Unsurprisingly, IT staff had the highest attendance (79%), followed by directors or senior management staff (59%), staff members whose job role includes information security or governance (47%) and other staff who aren’t cyber security or IT specialists (29%).
Despite IT staff attending more training courses on cyber security, more training must be offered to staff this year. Cyber security risks affect everyone, not just the IT department – it has a serious direct and immediate effect on businesses as a whole, impacting corporate reputation, business acquisition and client retention. Perhaps this could explain why many business boards often take a ‘narrow’ view of cyber security, and direct resources towards other areas of security and software? The expense.
Turner Little found that cyber security can be expensive for companies; particularly those that are deemed “small” or micro-businesses. According to Gov.uk, the mean spend on cyber security of all businesses in the UK is £4,590, and for large businesses, the mean spend reaches a staggering £387,000. However, it is worth it in the long run, as Turner Little found that the average cost of breaches to all businesses in the UK reached £1,570 in the last 12 months – and £19,600 for large firms.
Photo credit: Kopytin Georgy/Shutterstock
So, what can businesses do?
Turnerlittle.com has rounded up the top 10 things business can do to in 2018 to prevent cyber security breaches, using information from cyber experts at EY:
- Integrate cyber security into the talent strategy and create a CISO (chief information security officer) role that is fit for your business
- Clearly define cyber security responsibilities in your business
- Put cyber security at the forefront of a cross-functional business strategy – it shouldn’t be viewed as an “IT problem”
- Ensure that cyber security is at the heart of digital innovation and helps, rather than hinders it
- Understand how new and upcoming regulation can impact your business, and work with regulators, as they want a strong financial services sector
- Risk rate all your key assets and determine a protection approach for each one – with a focus on the most critical ones
- Develop a dynamic cyber security risk management model to enable your business to scale if there is an escalation of external risk or a decision to change the firm’s risk
- Integrate compliance into your cyber security strategy – any money invested in compliance will return value to the business by providing appropriate protection
- Strengthen resilience by having a clear crisis action and communication plan for when things do go wrong, so that crisis and continuity management can be thought through and practiced at all levels of the business
- Collaborate with your peers to seek more solutions – today’s cyber risks threaten the entire financial system, and the failure of one key player could damage the reputation of an entire industry
Feature image credit: Tashatuvango/Shutterstock