Cyber security is now considered to be an executive responsibility, with 54 per cent of CEOs in European companies taking responsibility for it, according to new research from Lloyd’s, the London-based insurance market. However, many businesses still under-estimate the potential impact of a cyber event, with only 13 per cent of European companies believing that they will lose trade in the event of a cyber attack.
The Lloyd’s ‘Facing the cyber risk challenge’ survey, which examined the attitudes of European business leaders towards cyber risk, also suggested that whilst 92 per cent of businesses had experienced some form of cyber breach in the last five years, only 42 per cent are worried that another incident will happen in the future.
Lloyd’s Chief Executive, Inga Beale, believes the results should serve as a warning that firms may still be too complacent about how prepared they are for a cyber risk incident and what its implications could be for their business.
Inga Beale said: “It is reassuring that responsibility for cyber risk is sitting at the most senior level of businesses, but it is clear that too many firms do not believe that the dangers of a breach will severely impact them. I’m afraid we no longer live in a world where you can prevent breaches taking place, instead it is about how you manage them and what measures you have in place to protect your business and importantly, your customers. As recent events have shown, hard-earned reputations can be lost in a flash if you do not have the correct plans in place.”
Inga Beale said that insurance can play a critical role in helping businesses in this environment, not just in terms of cover for any financial losses, but also in support for meeting regulatory obligations and dealing with potential operational and reputational fall-out.
“New Europe-wide regulations will mean that businesses have to be more responsive to any cyber incident than may have been the case in the past. Insurance companies provide more than just cover for any lost income, they offer a wrap-around service that can keep businesses on the right side of regulation and help protect their customers and their reputation.”
With the incoming General Data Protection Regulation (GDPR), organisations handling EU citizens’ data will be required to report breaches within 72 hours and will face potential fines of up to 20 million euros for failing to secure data. Despite the implications, 57 per cent of business leaders also admit not fully understanding the potential implications of the GDPR on their company.
Points highlighted by the survey included:
• 92 per cent of businesses suffered a cyber security breach in the last five years
• However only 42 per cent are concerned another breach will happen in the future
• Although 97 per cent of respondents have heard of the GDPR, only 7 per cent report knowing “a great deal” about it. 57 per cent said they know “little” or “nothing”
• Awareness of the implications the GDPR could have upon a business: regulatory investigation (64 per cent), financial penalties (58 per cent), impact on share price (57 per cent) and reputation (52 per cent). Only 13 per cent of businesses believe they could lose customers in the event of a breach
• Top internal threats identified as being able to result in a data breach: physical loss of paper or non-electronic devices (42 per cent), an insider intentionally breaching information (42 per cent), human error or unintended disclosure (41 per cent), lost, stolen or discarded equipment (41 per cent)
• Top external threats identified as being able to result in a data breach: hacking for financial gain (51 per cent), hacking for political motivations (46 per cent), hacking by competitor (41 per cent), phishing (39 per cent), ransomware (37 per cent), malware (32 per cent).
About the survey
The survey of nearly 350 senior business decision makers from across Europe included 100 from UK businesses. Visit Lloyd’s cyber hub: http://www.lloyds.com/lloyds/about-us/what-do-we-insure/what-lloyds-insures/cyber.
Trevor Dearing, EMEA Marketing Director at Gigamon, said that businesses – irrespective of size – simply cannot afford to be complacent when it comes to cyber-security. “The fact that so many businesses believe they are secure, even though they have previously reported cyber-attacks, just goes to show the level of disconnect and confusion that unfortunately plagues so many organisations when it comes to their cyber-security position.
“The number and severity of data breaches is definitely increasing every day, and as critical infrastructure continues to move online, businesses are becoming increasingly vulnerable to cyber threats. It’s no secret that organisations are fighting a growing enemy – barely a week goes by without news of another major brand being breached by ever-determined and well-equipped cybercriminals. Despite our best defences, hackers are not just getting through, they are staying undetected on corporate networks for longer. To combat this, organisations and security vendors must ditch the complacency and instead fight smarter, in a more joined up way to identify, isolate and eliminate cyber threats faster.
“As the new EU General Data Protection Regulation (GDPR) comes into force and fines increase, this ability to identify and eliminate cyber-attacks will become even more important. To avoid becoming the next data breach headline or paying hefty industry fines, organisations need to constantly examine the way that their data security models are deployed and managed. In practice, this must begin with ensuring full, pervasive visibility into everything that’s happening across their networks – a task that cloud computing, mobile, virtualisation and IoT has made harder than ever.”
And David Navin, Corporate Security Specialist at Smoothwall said the findings highlighted the inescapable fact that security breaches are very much a threat that needs to be at the top of every boardroom’s agenda. “Gone are the days when companies prepared for ‘if’ a cyber-attack occurred – now, they must be ready for ‘when’ a breach takes place. In this digital age companies have a wealth of data and information, making them very lucrative targets for cyber criminals. It is vital therefore that companies protect themselves and have a robust plan in place in the event of an attack, as the fall out could cause immense reputational damage to a company.
“What’s more, it is shocking that only 13% of businesses believe they could lose customers in the event of a breach, which is incredibly naive from those who don’t think a breach will affect their reputation, as it can in actual fact have grievous financial and reputational repercussions.
“Thanks to where the purse strings lie, a company’s security and IT department need to hit home with its board, CEO, CFO and CTO, ensuring they are educated to the risks and understand the importance of having strong security measures in place. It is essential to have enterprise grade security solutions in place beginning with firewalls, encryption and good security software. Security needs to be taken seriously at all points of the organisation, to ensure that all employees understand the risks of their actions and know the security processes in place should an incident occur, in order to mitigate the risks in the event of a breach.”