Cyber Crime: A risk more sophisticated than ever before
Cyber attacks remain one of the UK’s top national security risks, but how many businesses suffer from cyber crime and how much is it going to cost them?
A recent report by GCHQ suggested that as many as eight in every 10 of the biggest British companies have suffered a serious cyber attack, costing the UK economy tens of millions of pounds per annum, the average cost for security breaches is rising significantly for both large and small businesses. A recent study from PwC has shown that for small businesses, the worst breaches cost between £65,000 and £115,000 and for large businesses, the damage can be anywhere between £600,000 and £1.15m.
The growing threat of cyber attacks has prompted regulators in the EU and the US to demand more information from large financial groups on their IT security practices and breaches. However, it is clear that there is a reluctance to talk publicly about their efforts to combat cyber crime and/or any flaws in their systems in an attempt to avoid future attacks by hackers who have taken advantage of their public security failings or the apparent lack of protection for their investors. As a result, hacking cases are rarely reported in the UK and due to weaker reporting requirements businesses feel that they have no obligation to do so. In the US however, reporting requirements are much stronger which is demonstrated by the comprehensive media coverage of the recent security breaches in US companies such as Target, JPMorgan Chase and Sony.
In an attempt to strengthen the EU’s reporting position, in 2017 regulators plan to enforce new regulations to force firms to provide full and prompt information about hacking attacks. If a company refuses to comply with the regulations, they will be hit with a large penalty. It is hoped that this will not only ensure that the public will be better informed when data breaches occur but also ensure that businesses can no longer side-line their duty of disclosure in favour of commercial decision making.
The City of London has become a prominent target for malicious online activity and the divide between companies who have the resources and the budget to ensure that they have large scale cyber security options and those who have lower budgets and as a result are struggling to get their defences up, is continually widening. In light of this divide, although experts believe that the industry is now in the position where the awareness of cyber security is present, measures to prevent threats are still severely inadequate which means that many organisations, especially small organisations, remain vulnerable to the sophisticated mechanisms used by criminals in the cyber crime world