Cyber-threats are one of the great risks to businesses of all sizes, across all locations, and this risk is only going to increase as we head into the heart of 2017. Indeed, along with the uncertainty over Brexit, cyber-crime is seen as one of THE biggest threats facing UK business this year.
And yet, despite recognition that the risk is real, the recent high-profile attacks at Tesco Bank, Yahoo and others suggest that too many business leaders are not giving the threat the serious consideration that it warrants. This is perhaps highlighted by the fact that almost three-quarters of SME leaders admitted that they had no adequate cover in place to protect against a breach of their system.
So, how do we get the C-Suite to sit up, pay attention and start getting serious about their business’ cyber-security?
I guess we start with the brass tacks of it all. Cyber-breaches are costly. In all too many instances, these costs can be devastating, with even SMEs incurring costs in excess of £300,000 for breaches of their systems. For a significant proportion, this is the kind of cost with the potential to cripple and destroy a business.
And even if the business is able to survive the cost of the breach, the damage to brand, reputation and trust can be equally devastating in the long run. Using the Tesco Bank attack as a recent example, shares in the company suffered as a result amid fears that the scale of the attack and the apparent lack of suitable precaution will have negatively impacted the brand’s reputation, from which recovery could be difficult.
Cyber-security is an issue that brings with it a growing amount of legislative responsibility which the C-Suite cannot ignore.
- Punitive Sanctions – It’s increasingly likely that victims of cyber-attack will suffer the double-whammy of falling foul of legal sanctions as well, should it be deemed that insufficient precautions were taken to guard against attack. Fines for RBS and TalkTalk in recent years should be warning enough, with UK companies facing the prospect of multi-million-pound penalties over the coming years from ever more stringent measures.
- Compliance – One of the biggest threats posed by cyber-crime is the loss, compromise or inaccessibility of sensitive data. Increases in spear-phishing, ransomware and hack attacks put data at high risk. And while we’ve already looked at the costs, this also risks a company’s compliance, with business leaders ultimately held to account.
Concern for IT security has traditionally been delegated down from the C-Suite to the IT department. It’s an old way of thinking in an age where digital technology permeates every aspect of an organisation. As well as green-lighting sophisticated protection software, cyber-security requires a cultural shift.
Understanding the costs should focus the mind, while effective leadership in cyber-security and the raising of awareness in the company culture can play a significant part in creating a safer online environment. A report from the Economist suggests that C-Suite-driven initiative can halve the risk of cyber-attack in a business.
Make no mistake, the risk of a breach is a major issue and should be at the top of the agenda across boardrooms of all companies. The costs attached to a major cyber-attack on your business are substantial, with the potential to deliver fatal damage financially and reputationally. Delegating responsibility or, worse, underestimating the impacts can be devastating and should be reason enough to encourage business leaders to act. That makes strong leadership from the C-Suite imperative, with potentially significant impact on reducing risk and protecting the business.