For any new service provider or proposed systems update, there’s one important question to consider: will the changes on the table bring added value to the business? Cyber security measures are no exception to this rule.
What risks are you faced with? What are the likely costs of being hit by a breach? How do the costs of prevention stack up against the cost of clear-up? We take a look…
Crunching the numbers: are you likely to be hit?
Despite the warnings, it’s easy to assume that a major security breach is something that happens to other people. So are cyber criminals interested in your business? Recent figures paint a sobering picture…
Very often, it’s the high-profile breaches affecting big organisations that hit the headlines. Yet the latest figures from the Federation of Small Businesses show that all organisations (regardless of size) are vulnerable. Two thirds of smaller businesses have been hit so far - and that proportion is on the rise.
Going beyond this topline figure, where precisely do your vulnerabilities lie? The latest findings from global security giant Symantec shed light on this.
- Spear phishing. Essentially an email scam where potential victims are targeted with credible-looking messages purporting to be from people they may have dealings with. The 2016 Symantec report points to a 55% year-on-year increase in this type of attack.
- Ransomware. Often unwittingly installed on systems, it keeps them locked until a ransom is paid. There was a 35% year-on-year increase in this.
- Major website security weaknesses. Administration failures - and, in particular, a failure to keep up with patch cycles - mean that an estimated 75% of websites are vulnerable to attack or infection.
Here in the UK, the threat looms especially large; evidence suggests that we’re the world’s most targeted country for ransomware and spear phishing attempts.
What’s the cost of the threat?
Cyber breaches are repairable - but this can come at a considerable cost. In fact, government figures suggest that the typical cost faced by SMEs in the event of a significant cyber attack is between £75,000 and £310,000. If you are sceptical of how such a figure could possibly be reached, here are the key areas of potential loss you could be faced with:
- Initial downtime. The cost of lost revenue while systems are down and the breach is repaired.
- Client churn. Especially for those clients whose data may have been compromised by the breach, loss of confidence in your organisation is a likely consequence - followed inevitably by contract termination.
- Regulatory fines. Did you know that the Information Commissioner’s Office has the power to levy fines of up to £500,000? What’s more, ICO findings are in the public domain, meaning that a significant breach can continue to have reputational repercussions into the long term.
The costs of prevention
The costs of cyber security risk analysis and of dealing with those risks need not be prohibitive. Here are the areas to focus on:
- Human resources. You need to allocate responsibility for identifying and addressing your vulnerabilities. Outsourcing can be one of the most effective strategies for mitigating the costs involved in this - as it means you avoid a permanent drain on payroll. External security specialists are often better placed to keep abreast of current threats than a 'Jack of All Trades' internal IT resource.
- Implementing specific security solutions. Once you have correctly identified where your vulnerabilities exist, it becomes possible to target specific solutions to counter them.
The message is clear: don’t underestimate the risks of IT security - and don’t overestimate the costs of prevention.