Businesses around the world need to do more to tackle the potential threat of cybercrime, experts have warned.
With instances of hacking and attacks on digital assets on the rise, it is one of the biggest threats to global organisations in 2013, but recent studies have shown that many companies are not doing enough to combat the issue.
According to the latest estimates from the Cabinet Office, cybercrime is costing small businesses in the UK as much as £785m a year and costing the country’s economy up to £27bn, a 300 per cent rise on the previous year. Slightly more conservative figures in last year’s Cost of Cyber Crime Study from Ponemon Institute and HP suggested that attacks against US businesses were costing $8.9m a year, although the more concerning statistic was that the success rate of cyber attacks against companies in the US was up by 42 per cent.
Two more key surveys this year have underlined the fact that attacks are on the rise. However accurate the estimates of the potential costs, there is no doubt that the figures run into millions and the risks to businesses of all sizes are potentially devastating.
The recent 2013 State of Cybercrime Survey, jointly carried out by the US wing of professional services firm PwC and security and risk publication CSO, suggested that some of the USA’s biggest firms have made little progress in addressing the potential threats that cybercrime presents.
The results, which also involved research from the US Secret Service, FBI and Carnegie Mellon University, revealed that nearly a third of all businesses quizzed did not have a formal plan in place for responding to cyber attacks.
It is not just threats from foreign countries or external hackers that companies need to protect against either. In fact, the majority of damaging cybercrimes are ‘insider’ jobs, coming from in-house staff, consultants or contractors. In the PwC survey, 34 per cent of respondents said insider cyber attacks had caused more damage, compared to 31 per cent who identified outsider attacks as the most damaging.
While attacks are on the rise, experts believe that the majority of instances could be preventable. According to the report, as many as 80 per cent of all cybercrimes are carried out in forms that companies could readily defend themselves against if they put proper systems and monitoring in place, while a more robust strategy could prevent a further 15 per cent of attacks.
But concerns have been raised that even leading companies do not have access to the necessary expertise to appropriately protect themselves. The National Audit Office says the UK could face a shortage of skilled professionals needed to protect both the public and private sectors in the digital world.
The British government appears to have recognised the importance of the issue, allocating an additional £210m towards its £650m National Cyber Security Programme.
The high profile given to cybercrimes and the potential risk of ‘cyber spies’ has been thrust into the limelight even further by the Edward Snowden saga, leading some experts to call for the Government to increase that budget even further. It is an issue to which government leaders around the world are dedicating more and more resources, while cross-border cooperation is likely to be key to dampening the threat. A $45m virtual ATM raid last December and February involved a gang of cyber criminals hacking cash machines in 27 countries simultaneously, while a similar attack led to 50 arrests in a joint operation between police in Romania and Europol.
But even working together, the authorities can only do so much when it comes to protecting businesses, and the onus is still very much on CEOs and business leaders to ensure their own organisation has the necessary protocols and steps in place to monitor, prevent and report attacks. Draft measures being proposed in the European Parliament could even place a legal requirement on business owners to ensure they have taken adequate measures. If passed, companies operating in member states could even be wound up as a penalty for failing to ensure their employees are not engaged in cybercrime.
Threats from cybercrime come in many forms too. It is not just the direct financial threat of hackers gaining financial details that can undermine a business; cybercrime plays a big part in reputation management too. Companies that deal directly with consumers online risk losing the loyalty of their customers if their security systems are breached, with visitors losing confidence that their own online identity is safe. Businesses can also fall foul of data protection laws if customer data is accessed illegally.
Large companies face average bills of £850,000 to rectify the worst instances of direct cyber attacks, while average bills for small to medium-sized businesses still run into tens of thousands. With cybercrime carrying the potential to cripple companies of all sizes, it’s an issue that no business owner can afford to ignore.
Has your company taken steps to protect you and your customers from cybercrime? Let us know in the comments below.