The growing importance of cyber security for organisations
By Alara Basul
Over the last decade, cyber security has become a vital part of corporate culture. Whilst businesses have bolstered their security measures, cybercrime has also become increasingly sophisticated over the years. There are now greater opportunities and far higher losses that cybercrime can cause. Almost everything is digital, whether in our personal or business lives, and hackers have greater access and opportunities to capture information than ever before.
The notion of fraud has always been around in business; an important difference is that spotting an anomaly in data or suspecting an unusual transaction may have taken longer in the past to track and prevent. Nowadays, the advanced use of technology fuelled by vast datasets have enabled fraud and security to be measured and examined differently.
The rise of global cybercrime
According to a new study conducted by Juniper Research, the cost of data breaches is predicted to increase from $3 trillion each year to over $5 trillion in 2024, with an average annual growth of 11%.
The report also states that the increase in fraud will be driven by increasing fines for data breaches due to stricter regulations, as well as a “greater proportion of business lost as enterprises become more dependent on the digital realm.” Research conducted by Nominet shows that businesses need to do more in order to build trust from consumers. The report findings include the lack of trust for businesses and that people trust themselves more than the government or the tech industry to keep them safe online – but at the same time, bad habits relating to secure Wi-Fi, password security and responding to a phishing attack could still leave them at risk. As we process more and collect more data, we know that there is ultimately more at stake. For businesses to remain secure it’s important to invest in training employees, building company culture and generating company interest to ensure the safety and security of business information.
Raising awareness and investing in technology
Businesses need to be able to anticipate and prevent new threats and understand how easy it is for hackers to access unsecure data. Hackers utilise the power of technology to find and use stolen data – this will only get more advanced with the use of technology such as AI which will learn the behaviour of systems in a similar way to how cyber security firms currently employ the technology to detect abnormal behaviour. “Businesses need to be aware of the holistic nature of cybercrime and, in turn, act holistically in their mitigation attempts,” says Susan Morrow, author of the Juniper research report. “As social engineering continues unabated, the use of human-centric security tactics needs to take hold in enterprise security.” Helen Davenport at Gowling WLG agrees: “We don’t see any signs of cyber security being anything other than a top priority for businesses.” “High-value hacks and data breaches are becoming increasingly common and it’s important for businesses to ensure they have the right technologies and procedures in place to combat the threat of potential breaches.” Patrick Arben from Gowling WLG explains the reputational and financial damage caused by cybercrime. “Organisations can face serious financial loss if they are victims of a cyber-crime or personal data breach, not only in terms of paying out a compensation for data subjects affected by the breach but also regulatory fines too.. He continues: “this also causes reputational damage, consumers and stakeholders begin to question whether they want to engage with that organisation with a poor track record in data security.”
Going beyond borders
Data has extraterritorial reach, going beyond borders and exposing information in new territories and geographies about businesses and consumers. It’s vital for organisations to build a framework that protects information in a secure and cost-effective way to ensure all applications meet regulatory expectations. Businesses operating in the UK should be familiar with the Cyber Essentials Scheme launched in 2014 to protect organisations against common online threats. The scheme is government-backed and is a benchmark for businesses reviewing their cyber security arrangements. A statement published by the initiative states that The Government requires “all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme.” The National Cyber Security Centre (NCSC) is another example of a UK Government agency that works to provide information about, and protection from cyber security threats to the public sector, industry, SMEs and the general public. Davenport adds: “New legislation such as the GDPR is forcing organisations to place a greater emphasis on cyber security. Whilst this presents an increasing challenge to organisations, compliance can bring improvement to business processes and also wider business benefits” It’s important to understand whether a business is meeting policy expectations and finding any areas of improvement. It’s also key to consider what is needed to build closer links between industry players and policy makers, and awareness around improving cyber-awareness for the wider workforce.