Building resilient cybersecurity infrastructure to withstand the rising tide of cybercrime

Justin Shattuck, CISO at Resilience, explains what constitutes good cyber-resilience. He tells us: “Cyber-resilience plans must be specifically tailored, with key decision makers from CEOs to CISOs striving to be on the forefront of cybersecurity.”

Justin Shattuck, CISO at Resilience

Cybercrime has emerged as one of the fastest growing illegal enterprises, exploiting the opportunities presented by our increasingly digitized world. In the first quarter of 2023, weekly cyberattacks saw a concerning 7% surge worldwide, expanding the terrain for cybercriminals.

While the threat of cyberattacks has increased across nearly all sectors, financial and government bodies have proven to be among the most harshly affected. A recent survey revealed that data breaches against financial corporations cost an average of US$4.35 million per attack last year. As major companies further digitize their operations and embrace new forms of technology, the opportunities for cybercrime will continue to rise. Consequently, robust cybersecurity profiles are no longer a luxury, but a necessity.

Crucially, however, all major sectors have different priorities when it comes to cybersecurity, which points to a need to develop holistic, tailored packages based on expert advice. As cybercrime rises in complexity, all sectors must embrace cyber-resilience to maintain trust and operational efficiency.

Cybercrime and the financial sector

Cyberattacks represent major threats to the financial and commercial sectors – not only due to their visible economic damage but because of their impact on trust and reputation. By investing in a company, consumers are demonstrating trust in a business, whether that’s in terms of its message or its competency. Successful cyberattacks not only inflict financial losses, but also signal a breach of this trust.

The repercussions of reputational damage can escalate far beyond initial predictions and undermine a company’s economic viability. Trust and reputation are crucial investments for businesses; any organization perceived to be unreliable in safeguarding customers’ personal data risks losing its standing in the eyes of its clientele.

Consider the cyberattack on Equifax in 2017, which exposed the personal data of nearly 146 million US customers, and a further 15 million British residents. Following the attack, Equifax’s shares dropped by more than 13%. The reputational damage directly influenced the business’s financial standing and fundamentally weakened the former trust of its customers.

The health of a financial business can be measured by the level of trust its customers have in it. Therefore, it is necessary for financial sector businesses to prioritise robust cyber-resilience strategies through reassessing their social risk profiles and developing clear incident response plans for crisis situations. With a reported 1,829 cyberattacks against the global financial industry in 2022, cybersecurity should remain one of the foremost priorities for financial sector businesses moving into 2023. Failure to display the proper sensitivity towards cybercrime risks both the trust of their customers and the credibility of their operations.

Cybercrime and the government

As reliance on cyber technologies rises across major organizations, government bodies have emerged as particularly attractive targets for cybercriminals. A 2022 report revealed a 95% rise in cyberattacks against government entities with highly sensitive data that can be extorted, including personal information of citizens and confidential communications pertaining to laws and foreign relations.

Such data influences the governance of a country itself, making it invaluable and thus an alluring entry point for new forms of cybercrime. Ironically, the influence and reach of government entities render them both lucrative targets and among the most challenging to protect. In terms of economic impact, cyberattacks against the government are uniquely damaging by virtue of the size of their operations, with economic consequences being much more notable as a result. For instance, the UK government estimated that the cost of successful cyberattacks against the government would soon reach a height of nearly £2.2 billion per year.

Equally, the size and influence of government bodies make them extremely difficult to protect without a codified, directed action plan. Identifying fault lines and cyber vulnerabilities in an institution as vastly interconnected as the government is complex; however, this means that the damage caused by a successful attack can have far-reaching consequences for several different sectors. For instance, the UK government projects a 25% chance of a critical cyberattack on the country’s cyber infrastructure before the end of 2023, with the electricity sector identified as a target. Given the foundational role of this sector in sustaining other industries, a successful cyberattack against the government could have far-reaching repercussions, such as shutting down the operations of multiple other industries entirely.

Hence, government institutions cannot settle for a patchwork approach to their cybersecurity profile. Having an awareness of their cyber vulnerabilities means nothing if shrewd hackers can breach defences, and insurance plans offer little solace without robust protective measures. To achieve genuine cyber-resilience, government bodies must develop comprehensive strategies capable of balancing the values of cyber insurance and security. In an ever-evolving digital world, a siloed approach to cyber insurance and security is no longer enough – as cyber-risk becomes increasingly complex, actionable cyber hygiene strategies become essential. This is particularly the case for government institutions, which face uniquely dangerous cyber-risks and thus need an equally unique cyber strategy.

What constitutes good cyber resilience?

The World Economic Forum described 2023 as a ‘consequential year for cybersecurity’. Indeed, across all major verticals, this has proven to be true. Decision-makers must evolve their cybersecurity strategies in response to the highly aggressive cybercriminals that have begun to develop influence in nearly all major verticals. In an increasingly digitized landscape, where values such as trust, economic efficiency and governance are interlinked, approaches to cybercrime must be more proactive.

Stringent risk assessments are essential in this process, allowing decision-makers in major verticals to identify structural weaknesses in advance and educate employees on the most common cyber-risks and how to respond to them. Equally, all sectors should enhance their approach to cyber insurance. As cyber-risks can never be entirely mitigated, robust incident response plans are essential to withstand cyberattacks without damaging trust amongst customers or citizens.

These cyber-resilience plans must be specifically tailored, with key decision makers from CEOs to CISOs striving to be on the forefront of cybersecurity. Creating an approach which reflects such distinct priorities necessitates the guidance of cybersecurity experts. Organizations such as Resilience specialise in demystifying the complexity of action plans, offering clear and tailored cybersecurity advice and analysis that respond to the needs of each business.

In the digital age, cybersecurity is an increasingly intricate matter, one that major verticals must wholeheartedly embrace to secure their operations and protect the trust of their stakeholders.
