Chief Underwriting Officer
Whether it’s Russian trolls manipulating voters, ransomware encrypting your data, or social engineers trying to run off with your life’s savings, cyber-crime is a billion-dollar business. So, if you’re not already thinking about cyber-security, you really should be.
But, if you’re a startup or small business with limited expertise and resources, cyber security can seem like a losing battle against increasingly sneaky and sophisticated cyber-criminals. So, is it really worth the investment of time and money? And can we ever be truly safe from cyber-crime?
How big is the threat?
Let’s not beat around the bush. The threat posed by cyber-crime is real and it’s growing, with global cyber-attacks up 63% in the last three years. Cyber-crime is even thought to be overtaking the illegal drugs trade in terms of profitability.
Every bright new advance in digital technology has its cyber-crime shadow. Right now, for example, black hats and white hats are engaged in an arms race over AI. AI has huge potential in spotting and eliminating criminal behaviours (set a ‘bot to catch a ‘bot), but there’s equally huge potential to use it for fraudulent and criminal purposes.
Similarly, the Internet of Things provides new and concerning avenues of attack. For a start, many smart appliances aren’t as secure as they could be. And as the internet becomes increasingly interwoven with our devices and appliances, cyber-crime could start encroaching more and more into our daily lives.
For businesses, there’s a lot at stake, with 71% of consumers saying that they’d stop buying from a company if it fell victim to a data breach. Yet, despite the potential financial and reputational hit, it still takes companies an average of 191 days to identify data breaches, while roughly one in five files still aren’t protected.
How effective are security measures?
So much for the bad news. The good news, however, is that cyber security technology and practices are gradually catching up, as the skills-gap in cyber-security is steadily being filled. Professional, educational, and governmental establishments are all pouring funding and resources into cyber-security training and the field is expanding like never before.
Having said that, security measures are only as good as the people and fallbacks you have to implement and deal with them. There are some great security resources out there, but to be as safe as you can be, you need to ensure all your people are clued up on the threats, how to minimise them, and what to do if you do get hit.
For example, while the Cloud is safer than it’s ever been, human error can still cause serious problems. The grand majority (95%) of cloud security failures are attributable to the user, rather than to an error on the part of the provider. So, it’s vital to have the right processes, access controls and password management practices in place - or all the fancy tech in the world won’t save you.
Similarly, while smartphone cyber-security does exist, it’s not utilised as often as it should be. Cyber-criminals are becoming increasingly adept at attacking through smartphones and mobile networks, with mobile malware up 40% in 2018. In many cases, people simply aren’t used to installing security software on their non-desktop devices, meaning that this aspect of security is often overlooked.
Are things improving?
Thanks to increasing security skills, awareness and the development of security technology, there have been some notable wins for cyber-security in the recent past. For example, while ransomware attacks were a huge and rising issue just a couple of years ago, figures showed that they dropped significantly last year.
A big factor in this improvement is that businesses and individuals are a lot more data-conscious than they used to be, thanks to high profile government and industry campaigns, not to mention new regulations, such as the GDPR brought in last year. Recent research also showed that SMEs are planning to increase their cyber security budget this year.
People are becoming more aware of the importance of privacy measures like password protection, being careful about what files they open, and the level of access they allow. All of this makes life harder for cyber-criminals. And things are also changing at the top level, with new cyber-security-based leadership roles emerging, such as CCCO (Chief Cyber-Crime Officer).
Unfortunately, cyber-attacks are now a part of life and, even with improved cyber security expertise, we can never be totally safe from their tentacles. However, progress in recent years shows that staying up to speed with the latest threats and innovations, and building a cyber security culture, does make a big difference in keeping the cyber nasties at bay. And by getting cyber insurance and understanding how to spot attacks and how to deal with the aftermath, businesses can greatly minimise the reputational and financial damage they’re capable of wreaking.