Who is the most likely to be attacked
The most likely targets for cyber attacks will surprise nobody with financial services coming out top. According to the press release 74% of business say it is a threat while 26% admit to being victims of cybercrime.
Interestingly only 27% of transport firms see cybercrime as a threat and only 10% have reported an attack. Transport is an interesting sector with many countries recognising it as
have reported a cyber attack in the past 12 months and just 27% perceive it as a threat.
Government see the risk to transport and to the utilities sector as being more about cyber terrorism than cybercrime although there have been reported instances when hackers have stolen airmiles and used them to book tickets that they have later sold on the black market.
What drives cyber security?
It might seem reasonable to think that the biggest driver of cyber security was regulation or risk to the business. According to the press release that is not the case. Instead Grant Thornton say: “the number-one driver cited is client/customer demand (44%). 42% of business have implemented a strategy because of an increased use of automation and other emerging technologies which could leave them exposed.”
With the threat of cyber attack increasing this report shows that companies need to re-evaluate their risk and put in place effective measures to protect themselves from cybercrime. Sharma said: “Vigilance alone won’t keep businesses safe. Proactive and detective measures are need to work together to minimise the threats.
“This is an issue which needs to be on the agenda in boardrooms as well as business departments. Management teams need to be driving cyber strategies which boost awareness of the threat among all staff, and of the policies and procedures in place to deal with the threat. Just as critically, clients and customers also need reassurance that effective controls are in place.”
Conclusion
Parts of this report will come as no surprise to security professionals such as the rise in cyber crime and the woeful lack of preparedness. For those sitting in the boardroom who think that they’ve spent more than enough on cyber security over the last two years, this report should come as a wake-up call.
Unlike other parts of their business where a one-off investment can be relied up to provide years of service, cyber security is going to be a rising costs every year. The longer companies leave it to get the basics right the greater the risk of a successful attack.
The European General Data Protection Regulation due to come in during 2016 with a maximum fine of 5% of turnover. This is more than 4 times the average cost of a successful cyber attack based on the numbers in this report. Failure to properly protect the company might mean you survive the initial attack but the response of the regulator to corporate failure might be enough to close some companies.
