Cybersecurity threats – what is the impact?
How much danger are global industries in?
Accenture and the Ponemon Institute recently revealed that the average business cost of cybercrime has increased to $13 million. That’s an increase of $1.4 million over the course of just one year. And the scale of this issue won’t be reduced any time soon, with international cybercrime costs expected to hit $6 trillion in 2021.
Given the high cost to businesses and financial institutions, cybersecurity is becoming a more serious issue each day. And with the general increase in the use of business technology organisations are at a greater risk than ever before.
So, who is most impacted by this threat and what can businesses do to protect themselves?
What’s driving the rise in cyber threats?
All organisations face the risk of cybersecurity attacks, no matter how big they are, or which industries they operate within.
Cybercriminals fully appreciate the value of internal assets such as financial data, intellectual property and IT infrastructure. And the range of threats continues to grow in line with the development and use of business technologies including the cloud, smartphones and the Internet of Things. Accenture has reported that 68% of business leaders feel their cybersecurity risks are increasing.
And so is the sophistication of criminal methods. Although there is some variation in the effectiveness of cyber attacks, they all represent some level of risk to modern-day businesses. Of further concern is the recent Verizon reported that 30% of data breaches involve internal actors.
How much of an impact can cybersecurity breaches have?
There are a variety of costs associated with the breach of cyber defences. The illegitimate access of business banking details and funding sources results in an average enterprise cost of $3.92 million, as reported by CSO Online. There is also the potential for major trading disruptions and loss of high-value contracts.
But, organisations also face significant financial costs due to the amount of time required to identify and repair the damage caused by cybersecurity breaches. The spread of news via online and offline media has further potential to lead to regulatory fines and significant reputational damage resulting in the loss of customers and reduction of profits.
Cybersecurity is increasingly viewed as a major issue, with leading technology companies developing tools for enhanced security.
Palantir Gotham has been used by counter-terrorism analysts and fraud investigators across the US. Designed for industries such as cyber defence and compliance this web-based solution supports businesses in the integration, management, and security of enterprise data.
And the data-driven Snowflake enables the delivery of secure data sharing across multiple clouds. Major companies such as Deliveroo have used this technology in the support of data-driven decisions.
Which industries are hit most?
Any business holding valuable data or important services online is a potential target. Victims of cybercrime have ranged from credit institutions to fuel pipelines with varying levels and types of breaches. If a cybercriminal sees the potential for exploitation of your data, services, or is simply looking to exploit vulnerabilities for a ransom then your business could come under attack.
There has been a seemingly endless stream of media reports concerning the breach of business cyber defences in recent years. Unsurprisingly, Varonis is reporting that only 5% of companies’ folders are adequately protected.
One notable example involved the identity theft of approximately 145.5 million US customers together with that of 400,000 - 44 million British and 19,000 Canadian residents from Equifax, a credit reporting and scoring company.
Reports were followed with an almost instant drop of 13% in early trading shares and the filing of lawsuits. The reputation of the global data, analytics and technology company was severely affected.
There have also been numerous reports of cybersecurity breaches within the healthcare sector. A recent Herjaveck group report revealed that more than 93% of healthcare organisations have experienced a data breach in the past three years. This shouldn’t be of any great surprise given the value of patient data including healthcare records and financial details. One notable incident involved the infiltration of Britain’s National Health Service with Ransomware, resulting in a total cost of more than $100 million.
The cybersecurity concern extends to organisations within the governmental and military sectors. The media have released numerous reports of spying and attempts to damage the reputations of international competitors. There have also been stories concerning the attempted sale of personal data obtained in hacks of government databases. It follows that the US government allocated an estimated $18.78 billion for cybersecurity spending in 2021.
Other major cybercrime incidents have included:
- Cybercrime group DarkSide taking the US fuel pipeline offline, resulting in the greatly increased scrutiny of US cyber standards
- A ransomware attack upon the Norway-based Volue, causing the closure of applications essential to the national supply of water
- The theft of over 400,000 digital files from the Scottish Environment Protection Agency (SEPA) on Christmas Eve with the files being shared online due to the agency’s refusal to pay the ransom.
What are the best means of response to cybersecurity threats?
The need for high-level cybersecurity is apparent in light of the reported breaches. Government agencies and consumer protection groups have led the way in calling for comprehensive cyber risk assessments.
The vulnerable parties are being encouraged to carry out in-depth reviews of IT infrastructures identifying the potential for breaches and the best choice of safeguarding measures. There is a recognised need to communicate the significant threats, monitor technological systems and respond to emerging cybersecurity risks.
The increased focus on this issue should be welcomed, with international organisations prepared to invest considerable amounts of time and money for the safeguarding of sensitive digital assets. Such investment will be essential, given the vulnerability of industries to evolving criminal methods.