Not long ago, computer security was generally treated as a virtual vaccination: you installed your anti-virus software and made sure you had your booster shots against cyber risks, but otherwise, you did not think much more about it.
Strangely, many companies still take this kind of complacent approach to cybersecurity, although some analysts estimate that damages to companies now run to more than $600 billion every year worldwide
Only a minority have become aware that what they need is no longer just the occasional upgrade but a new way of doing business. Such a way would recognize the expensive and possibly the existential threat posed by inadequate cyber security strategy and measures. They understand that the scale of the threat is now so great that they need not just some basic measures but a sophisticated risk management strategy.
Where the money is
More quickly than most people realize, the scale and seriousness of the cyber risks and threats companies face, have changed. Many of the most expensive cybercrimes are growing now by triple-digit percentages every year, with no end in sight.
Why the underworld interest? Part of the reason is the same one the American bank robber Willie Sutton gave. When asked why he robbed banks, he answered, “because that’s where the money is”. Over half the world’s population is now online, and their economic and social lives are now deeply connected to the Internet: the combined value of Facebook, Google, Amazon, and Apple stock is now greater than the Gross Domestic Product of France.
But criminal organizations are also digitizing for the same reasons that honest companies do – it’s easier, more convenient, and makes their operations much more scalable than they were in the pre-digital era. Why would you rob a bank in person if you could do it in your slippers 6000 km away?
No wonder that the 1000 executives, scholars, NGO leaders, and others polled for the 2019 Global Risks Perception Survey, which was published in this year’s World Economic Forum’s 2019 Global Risk Report, and ranked “massive data fraud and theft” as the fourth-most likely catastrophe over the next ten years, right after a climate disaster.
Five critical questions
Most informed executives know this at an intellectual level. After all, data breaches and ransomware scams are in the news almost every week. However, you may not be aware of just how vulnerable you are to a serious attack. Even in an internet-savvy market like the United Kingdom, most companies have more or less left their front door unlocked: although 32% of British businesses suffered a breach or an attack in the last 12 months, only 16% of British companies have formal cyber security management processes and risk management strategies in place.
To meet this challenge head-on, you need to get straight answers to five critical questions:
- Is cybersecurity a C-Suite concern?
- Do we have a strategic view of the risks we face now?
- What are our key risks today? What emerging threats should we be most concerned about in our industry?
- Are we spending too much or too little for our online security?
- Do we have an outside partner with long-term experience in cybersecurity and a global view of the possible threats we face?
Getting it done
The global digital transformation is changing all kinds of things about the way the world lives and works. Unfortunately, in addition to the trillions in economic value it is creating, this revolution is also generating a new set of serious economic risks. As with most risks, the best way to mitigate their most serious consequences is to begin thinking about them early. This may be especially important for cybercrime, which is both like and unlike many older threats. Constantly morphing and growing, cybercrime demands the adoption of a very flexible and creative defensive cyber security strategy. You don’t want to wait to start to reduce the cyber-risks that you, your supply chain, and your customers face today and will face tomorrow.