The finance industry needs to spruce up its security act, according to Joe Collinwood, CEO at CySure.
Collinwood cited figures from the UK’s Financial Conduct Authority (FCA), with incidents increasing from 69 in 2017 to 819 in 2018, an increase of 1000 percent, and said that in the technological age no business could afford to be underprepared when it comes to cybersecurity.
The finance sector regulator, the FCA, has recorded a ten-fold increase in cyber-crime incidents (i); however, across all sectors, more businesses are reporting being impacted by a cyber incident year-on-year. According to a recent report conducted by Hiscox (ii), there has been a sharp increase in the number of cyber-attacks this year, with more than 60 percent of firms having reported one or more attacks, up from 45 percent in 2018.
“The same report shows that cybersecurity incidents cost the average small business (under 50 employees) $29,000. Cyber-related costs typically include ransoms paid, hardware and software systems replaced, the impact of losing customers and difficulty attracting future business and damage to reputation, all of which can be difficult if not terminal for a small business”, Collinwood said.
He said the Hiscox report revealed that supply chain incidents are now commonplace and contributing to the rise in cyber-crime. Nearly two-thirds of firms surveyed (65 percent) have experienced cyber-related issues in their supply chain in the past year. While not always the case, it is often SMEs with their limited IT expertise and resources that have the weakest cyber-security arrangements.
Organisations that are subject to the EU General Data Protection Regulation (GDPR) have a limited time to report a data breach to the Information Commissioner’s Office (ICO). Under GDPR, data controllers are responsible for their compliance as well as that of any third-party processors. As a result, organisations are closely examining the security practices of any potential third party and seeking agreements to the measures it will take to secure its systems. It’s time for SMEs to step up and prove their security credentials – or risk missing out on lucrative business opportunities, Collinwood said.
Collinwood said the risk of an attack could not be minimised; cybercrooks are business-like in their approach, and for them attacks are a low-risk, high-reward model. This particularly applies to SMEs and sectors such as accountancy and law firms where the criminal gains can be significant.
He cited a recent poll conducted by the UK Law Society showing that approximately 80 percent of firms have reported phishing attempts in the last year. SMEs need a strategy to identify and proactively minimise risks. Certification provides a practical framework for an organisation to assess its current cyber hygiene levels and take steps to protect itself against common cyber-attacks.
“Increasingly, we are seeing company boards requesting assurance on how a company is preparing for cyber breaches and how it will deal with the aftermath through agreed protocols. Part of a board’s fiduciary responsibility is to identify and mitigate those risks that could impact the organisation. Good cyber hygiene not only demonstrates good information governance; when performed properly, it results in the protection of stakeholder assets and the potential mitigation of legal and compliance risks.”