Why Cyber Security Matters
The spread of cyber-attacks should come as no surprise, however. Cisco has predicted that by 2020, some 50 billion devices will be connected to the internet. And thanks to the Internet of Things there is now web-enabled software in everything from cars and planes to fridges and animals. At a time when coffee machines have IP addresses and voice-activated TVs continually listen in on us, a lot of effort is required to keep our digital data safe.
It’s not just the little people who can be hounded, either. In fact, more lucrative targets involve household names, such as Tesco (which had 40,000 bank accounts “compromised”), San Francisco’s public transport system (which had its payment systems neutered), the Philippine government (which lost the personal information of every single voter), and Yahoo, which had “the biggest data breach ever recorded” in 2014, when up to 500 million customers had their data pinched.
These manoeuvres contribute to some startling statistics. Juniper Research predicts the cost of data breaches globally will hit $2.1 trillion by 2019, which is equivalent to the GDP of India last year. Global Cyber Security forecasts a $1 trillion spend cumulatively over the next five years on cybersecurity projects. This is big news, especially when the industry was worth only $3.5 billion around a decade ago, but looks set to hit $120 billion this year. However, it is the facts behind the headline figures that are, if anything, more alarming.
But who is behind this increase in attacks? Twenty years ago, it was recreational bedroom hackers simply testing their skills. Then the criminal gangs got in on the action, stealing credit card details. A decade ago, ‘hacktivists’ like Wikileaks rose to prominence, seeking to expose governmental and industrial secrets. In recent years, the emergence of state-sponsored attacks has been on the rise – the Stuxnet attack by the US and Israel on Iran’s nuclear programme was the first to really come to light. Nowadays, accusations of foreign meddling in domestic elections (US, France, Brexit) are levelled on a regular basis.
The consumer reaction to companies that are hacked tends to be more punitive than the fines courts could levy. Reputations are shattered, revenues plummet and customers leave in droves. A British telecoms company, TalkTalk, who were hacked in 2015, lost £60 million in revenue as well as over 100,000 customers. One of the first large UK companies to face a prominent hack, there was confusion over what to do. Dido Harding, CEO of TalkTalk said, “The advice we had from the Metropolitan Police was not to tell our customers”. The perpetrator was a 16-year-old boy showing off to his mates.
The question is how to protect a company when it is connected to myriad suppliers. RiskVision, a risk intelligence company, has identified that 80% of corporate breaches come from a third party, a supplier or vendor. For example, US store Target was hacked through a small refrigeration company who had access to their networks, which resulted in the theft of millions of credit cards. Then there was the oil company that was accessed by ‘infecting’ the menu of a local Chinese takeaway with malware, which employees would download, open up and order from.
Businesses are having to approach cybersecurity rigorously, and data breaches are hugely expensive in terms of reputation and revenue. To succeed in the brave new digital world, companies and corporations are going to have to ensure that everyone in their supply chain is as safe and secure as they are if they are going to keep their good name intact, which means that almost everyone will need to invest in top-level cyber defences. As Ginni Rommety, CEO of IBM puts it, “cybercrime is the greatest threat to every company in the world”.
Cybersecurity isn’t going away. Still in its relative infancy, it is an area that is only going to become more important over time. The threats will increase and the attacks will become smarter, meaning a constant need for reinvention and monitoring. This is why cybersecurity is a long-term trend to be aware of, and why it should form part of a comprehensive and strategic approach to investment.