Businesses who think cybersecurity is expensive should try estimating the cost of a cyberattack.
A survey report, Pursuing Cybersecurity Maturity at Financial Institution, released by Deloitte and the Financial Services Information Sharing and Analysis Centre revealed that insurance companies, banks, investment managers and other financial services companies spend between 6% and 14% of their annual information technology budget on cybersecurity. This roughly equals 0.2% to 0.9% of company revenue.
Cybersecurity is expensive, but when compared to the cost of a cyber breach, it certainly pales in comparison. According to the 2022 IBM Cost of a Data Breach Report, the finance industry had the second highest cost per breach, averaging $5.97 million per breach.
In 2022, Crypto.com, one of the best-known cryptocurrency exchanges in the world, was hacked. Following the hack, authorised withdrawals worth up to $35 million were made. Ronin Network, a sidechain attached to block chain game, Axie Infinity, was also breached by hackers that made away with $25.5 million and 173,600 Ethereum, totalling $615 million in stolen funds.
With cybercriminals becoming ingenious in their approach, cybercrimes continue to be on the rise. Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion in 2015. This estimation is based on historical cybercrime figures including an increase in organised state-sponsored hacking activities and recent year-over-year growth.
Can your company afford to ignore cybersecurity?
The CyberEdge 2022 Cyberthreat Defense Report (CDR) found that 81.4 percent of businesses in the UK experienced at least one cyber attack prior to the study, compared to 71.1 percent in the previous year.
Every business — small, medium, or large — that makes use of the Internet cannot afford not to prioritise cybersecurity. The misconception that cybercriminals are only interested in attacking large businesses is false. As evidenced by studies, small businesses are 60% more likely to be targeted for cyberattacks compared to larger business. In the UK, a small business is successfully hacked every 19 seconds.
Balancing the risk
Understanding a business’ risks is the first step to determining if cybersecurity should be prioritised and if the benefit of mitigating cyber risks outweigh the cost of a cyber breach.
Start with this question: ‘Why should cybersecurity matter to my organisation?’. Does your organisation’s current and future competitiveness depend on its intellectual property? Is it because your company facilitate and manage financial transactions of behalf of your customers? Is it because your business collects and retains personal information about your customers and employees?
An equally important question is what would be the impact of a cyber breach on your business?
Your answers to these questions will determine if investing in cybersecurity is worthy expenditure.
Balancing the reward
Cybersecurity can provide a number of benefits including:
Business trust and reputation: The reputational risk that a cyber attack can cause can be considerable and no financial services organisation wants to be in the news for a cyber breach. A robust cybersecurity infrastructure, when implemented correctly, can minimise the impact and the frequency of attacks. It can also inspire trust amongst your clients and customers.
Productivity: Computer viruses and malware can cause personal computers to run slowly. This might create considerable downtime, resulting in a significant amount of lost time for staff or halt the operation of an entire company.
Regulatory compliance: Businesses in the financial services industry are highly regulated by authorities who have developed strict guidelines to protect businesses and their clients from increasing numbers of cyber threats. A cybersecurity plan helps to meet regulatory requirements.
Customer retention: Businesses that prioritise cybersecurity and have an excellent record are more likely to retain and grow their customer base. The reverse is true for business who do not prioritise cybersecurity. While some clients may choose to remain with a business in the event of a data breach, others may take their business elsewhere. After all, who trusts a business whose lack of cybersecurity led to their identity being leaked or stolen?
Adopting a robust, long-term cybersecurity approach
Cyber threats are evolving and will continue to evolve. In the last two years, the pandemic, and the subsequent shift to remote work has expanded the attack surface for cyber criminals to exploit, creating a need for business to protect computers, servers, mobile devices, and the cloud – from every endpoint to anywhere sensitive data travels.
Businesses must adopt a thorough a robust strategy that includes multiple level of protection across several elements, including:
What security measures are in place to ensure that employee devices are safe to use, and present minimal risk if stolen or compromised? Are PCs, laptops, and servers up to date? Outdated hardware may not support current security upgrades and may also inhibit an organisation’s response time in the event of a cyber breach.
Security patches are issued to fix vulnerabilities that can be exploited by cybercriminals. Once a vendor releases an update, hackers examine what is fixes and proceed to attack machines that are unpatched. Neglecting to install security updates can result in a long-term infection.
Every business must have a security policy and ensure its accessibility to employees. It is pertinent that employees understand the required processes and the potential consequences of violating the policy.
A good security policy must include guidance for staff on how to handle sensitive information. It must include information on password security controls, secure file sharing, data encryption at rest and in transit, vendor checks to ensure strict adherence to cybersecurity best practices, etc.
Employees must also understand how to identify, report, and respond to security issues.
Adopt a zero-trust approach where validation and verification are vital to access information on enterprise network and systems. Enable multi-factor authentication on all systems that support it and consider replacing those that don’t.
Cyber security training must be conducted at least twice yearly. Implementing cyber security training can help staff understand their role in device security and help identify malicious attacks.
Organisations should consider investing in cyber insurance to mitigate the risk of financial losses due to these attacks. By taking a proactive approach to cyber security, businesses can reduce the risk of cyber security threats and reap the rewards of a secure environment.
Does your service provider understand your risk?
With the internet age comes new opportunities, but with these opportunities also comes new threats. Businesses looking to be cyber secure must firstly understand the risks associated with their businesses to adequately assess if their service providers can effectively manage these risks.
At Tivarri, we understand that most businesses may not have the necessary in-house expertise and resources to develop or support a strong security infrastructure. We offer an extensive range of services that are geared towards keeping your business safe and productive. We also provide Chief Technical and cyber security audit and review services, anticipating and responding to investor’s concerns and needs.
Our solutions are flexible, secure, and compliant, freeing up your time to be dedicated solely to meeting the expectation of your clients.
Contact us today to get started.