Training

Cyber skills view

by Mark Rowe

The same approach to tackling so-called ‘traditional criminal activity’ should be adopted to defeat cyber criminals, according to an audit firm.

Serena Gonsalves-Fersch, head of KPMG’s Cyber Security Academy, says: “The approach by Britain’s law enforcement agencies to cybercrime should be the same as any other criminal activity. They need to not only better understand the key cybercrime triggers but also how to support victims of cybercrimes. Building up knowledge sharing networks with the private sector to be better plugged into the activities of cyber criminals will ensure they are a step ahead.

“Recent research from KPMG shows that 57% of UK companies believe it is getting more and more difficult to recruit and retain high quality staff in the cyber space and 52% said there is aggressive headhunting in this area. So it comes as no surprise that the law enforcement agencies – who are less able to provide premium salaries, benefits and ‘golden handshakes’ – are facing an uphill struggle to get the best people on board.

“However, having a handful of highly paid specialists will only go so far. Both private and public sector organisations need to focus on developing the skills of their existing workforce and on integrating cyber training into their overall training and development policies.”

The auditors meanwhile say that organisations are struggling to stay on top of costly technology risks. A new report by KPMG, the Technology Risk Radar, which tracks the major technology incidents faced by businesses and public sector bodies, sets out the cost of IT failures over the last 12 months. It found that, on average, employers had to pay an unplanned £410,000 for each technology-related problem they faced. The report also reveals that an average of 776,000 individuals were affected – and around four million bank and credit card accounts were compromised – by each IT failure.

Incidents caused by ‘avoidable’ problems such as software coding errors or failed IT changes accounted for over 50 percent of the IT incidents reported over the past year. Of these, 7.3 percent of reported events were the fault of human error – a figure which shows that basic investments in training are being ignored at the employers’ cost. Further, while data loss related incidents continued to be a major problem for all industries, a significant number of those (16 percent) were unintentional.

KPMG suggests that customer-facing organisations are quickly realising the true cost of systems failures if they are left unchecked. For instance, a utility company faced a £10 million fine when technical glitches during the transfer to a new billing system meant customers did not receive bills for months and were then sent inaccurate payment demands or refused prompt refunds when errors were eventually acknowledged.

Comment

Jon Dowie, Partner in KPMG’s Technology Risk practice, said: “Technology is no longer a function within a business which operates largely in isolation. It is at the heart of everything a company does and, when it goes wrong, it affects an organisation’s bottom line, its relationship with customers and its wider reputation.

“Investment in technology will continue to rise as businesses embrace digital and other opportunities, but this needs to be matched by investments in assessing, managing and monitoring the associated risks. At a time when even our regulators have shown themselves to be vulnerable to technology risk, no one can afford to be complacent.”

With financial services under enormous pressure to maintain highly secure technology infrastructure, the audit firm predicts IT complexity will continue to be the single biggest risk to financial services organisations in the coming year. This is closely followed by ineffective governance, risk and non-compliance with regulations. Security risks – such as cyber-crime and unauthorised access – are rated fifth.

Jon Dowie adds: “With ever greater complexity in IT systems – not to mention the challenge of implementing IT transformational change – companies are running to stand still in managing their IT risks. The cost of failure is all too clear. It is crucial for both public and private sector organisations to understand the risks associated with IT and how they can be managed, mitigated and avoided.”


© 2024 Professional Security Magazine. All rights reserved.