The latest facts and figures around cyber security make alarming news. Big business or SME, it doesn’t matter, as attacks are indiscriminate and on the rise.
Last year, consultant PwC said cyber-crime was the fastest growing area of fraud. In 2014, it made up only 20% of Britain’s economic crime, but in 2016 it rose to 44%.
So any firm that sees this as the “risk manager’s responsibility” or “just an IT issue” has its head in the sand. Boosting resilience by treating cyber security as a board-level and, indeed, enterprise-wide issue should be a priority.
It’s welcome news that the government realises the seriousness of the risks the UK faces. Chancellor Philip Hammond announced a £1.9 billion package last November, which will boost the UK’s national cyber fraud defences.
The amount is pretty much double what was spent in 2011 in a similar strategy and this latest investment will focus on shutting down fake government websites, improving cyber security expertise and on better security for smartphones, tablets and laptops.
But cyber-crime comes in many shapes and sizes and no business can rely on the government to provide enough protection – we all have to play a part in combatting risk.
Financial services firms make particularly attractive targets for cyber criminals. Customers want to use digital services, but trust is also paramount. A breach results in huge reputational damage as well as monetary losses.
This January, Lloyds Banking Group was in the firing line when it was hit by a 48-hour attack, after cyber criminals tried to block access to 20 million UK accounts.
The bank was bombarded with millions of fake requests with the aim of bringing the group’s systems to a halt. Fortunately, it appears that the denial of service attack was thwarted through the efforts of in-house security experts and no accounts were compromised.
But some customers did report problems with logging on and Lloyds was forced to admit it had experienced “intermittent service issues” even though it refused to provide more detail. Meanwhile, last November Tesco Bank said £2.5 million was stolen from some 9,000 accounts.
But it is wrong to focus simply on large organisations; small firms are equally vulnerable and will not have access to the same in-house resource. In the event, say, of a ransomware attack, many may be unsure how to handle it or where to turn.
In the case of a small financial services business, perhaps a mortgage or an insurance broker, the effects of being locked out of files and having customer details compromised could be devastating.
So, it’s time to put cyber-security at the top of the agenda. There is no one-size-fits-all strategy to stop cyber criminals and they certainly do not fit into a single mould, as they range from big networks to lone wolves.
The best solution for all businesses is to be proactive, which means involving all staff and ensuring they are informed about the risks and that you have sound protocols in place.
Key questions should be: how safe is your data? Do you have adequate cyber liability insurance – or do you need to take this out? Do you have a clear and tested plan in the event of a breach? Is it time for an upgrade or to bring in new technology?
For example, Xactium’s enterprise risk management system creates a framework for managing risks, monitors the controls you have put in place to mitigate them, and records incidents and near misses. Key risk indicators also provide an early warning system when the number of incidents on risks exceeds thresholds.
Staying aware and taking action is the best defence – it’s about going beyond compliance. We all need to take responsibility.