With some of the world’s largest companies falling victim to cyber attacks and online breaches, the threat of a cyber attack feels like an ever-present concern for businesses worldwide. The possibility of reputations and productivity taking serious damage and the impact this could have on the company’s future should the worst happen are a serious issue.
And yet a survey by the Information Systems Audit and Control Association, ISACA revealed that while 50 percent of respondents saw an increase in cyber attacks relative to last year, the percentage experiencing an attack in the last 12 months fell to 45% from 62% in 2016.
So what is the reality? How much is cyber crime actually costing businesses and individuals across the globe, and what steps what can they take to stay protected?
Cost to companies
One of the most alarming statistics came from the 2017 Africa Cyber Security Report, which revealed that more than 90% of African businesses cannot afford to effectively protect themselves from online security threats. The lack of investment and experience to implement changes have had a startling effect, with Africa losing $3.5 billion as the result of cyber attacks in 2017, up from $2 billion just a year before.
The global situation is not much better, with the worldwide cost of cybercrime having reached $600 billion, or 0.8% of global GDP by 2018. This may sound bad enough, but that figure marks a 34.8% increase in just four years.
Of course, recovering from an attack will be expensive. This could include ransom payments, the cost of shutting down and recovering, loss of earnings and potential damage to your reputation. AVG estimate that this figure could typically be as in the region of £53,000, which for a small business could be the difference between surviving and already hostile high street and closing the shutters for good.
Some of the most detrimental effects of an attack are the number of days it can take to recover. The average in the UK suggests that resolving some of the most common attacks, phishing and ransomware, could take 20-23 days, at significant detriment to companies of all sizes.
What is the reason for rise in cyber crime?
One factor is the speed with which the business environment is changing. The move towards internet-dependent tools, cloud solutions, the implementation of smart devices in the office network and increases in mobile working, have all happened very quickly and resulted in many businesses not having sufficient security measures in place.
There is a significant gap between levels of security in businesses and the skills of cybercriminals, which is an issue caused by a number of factors. As technology advances, it makes the tools used by hackers more attainable and affordable. In response, businesses are required to continually increase the levels of spending and resources dedicated to security.
While larger companies may be able to do this, small businesses are less likely to have the resource available to keep up with the latest developments. As long as this gulf persists, the cost of cyber crime is likely to keep rising.
What steps need to be taken to stay protected?
Fatalism and uncertainty are becoming commonplace among business who are no longer confident of preventing attack, instead treating it as an inevitability that their company will face an attack in the near future – be it through insider threats or from somewhere in their supply chain.
While there is hope that governments and industry bodies will be able to lead on this issue, to build confidence within industries, the truth is that private companies will have to manage this as well as they can for the foreseeable future.
Thankfully, there are a number of steps that businesses of all sizes can take to protect the safety of their company. The first is training. With 88% of breaches being the result of human error, it follows that improvements in training and policy will help to reduce issues around account security, identifying suspicious communications and flagging issues at an early stage.
Second, is the effective implementation of tools. A simple and cost-effective step is to encrypt your connections by adding a virtual private network, or VPN, to the office network. By connecting to the internet via a VPN, your activity travels in a secure ‘tunnel’, protecting your communications and browsing history from unwanted third-parties. A mobile VPN can encrypt your traffic in just the same way as a desktop version, ensuring staff connecting to the office network remotely will not be doing so with unsecured connections.
Ultimately, the key to staying protected is awareness and a lack of complacency. While the costs of effective cyber security continue to rise as threats evolve, they are still significantly lower than the cost of becoming a victim of cyber crime. But if businesses are prepared to be proactive, monitoring their systems and investing time in the development of new company policy and practices, the risk around a potential attack could be significantly reduced.