Lessons not learned as cyber crime still rife

BY Richard Summerfield

Companies operating in the current business climate face myriad difficulties and obstacles. One of the most potent and potentially damaging of these challenges is the scourge of cyber crime and cyber terrorism.

One need only look at the attacks on Ashley Madison, Sony and Target to see the extent of the financial, personal and reputational damage that cyber crime can inflict on companies and individuals.

Given the size and scale of some the most recent cyber attacks, it is difficult to imagine companies neglecting their cyber security obligations. However, according to a new report from PwC, nearly 10 percent of UK companies do not know how many cyber attacks they have suffered in recent years.

Furthermore, 14 percent of companies do not know how the attacks occurred. This is particularly disturbing as detected breaches in workplace security systems increased by 38 percent in the past year, according to PwC.

Cyber attacks via mobile phones in particular are becoming much more common. Thirty-six percent of respondents reported an increase in mobile attacks, up considerably from the 24 percent recoded last year. The average cost of those attacks is around £1.7m, the report notes.

PwC’s annual survey took in the opinions of more than 10,000 executives in more than 127 different countries. Much of the damage caused by cyber crime, according to the report, results from the actions of current staff members. Former employees were also a major source of cyber criminality.

But attitudes toward cyber security are changing. According to Dave Burg, global and US cyber security leader at PwC, the survey demonstrated a burgeoning awareness among corporates, many of whom are starting to act and think seriously about cyber security.

“We are seeing an increase in awareness of the risk and opportunities, and more boards are becoming more actively engaged in cyber security preparedness," said Mr Burg.

Despite the increase in boardroom awareness, more can and should be done at board level. The survey noted that 55 percent of boards do not participate in the overall security strategy. Furthermore, 42 percent of companies do not have an overall information strategy.

Report: The Global State of Information Security Survey 2016

©2001-2016 Financier Worldwide Ltd. All rights reserved.