by Bharat Mistry
We’ve been talking about the importance of elevating cybersecurity to the boardroom for decades. And despite the growing number of errant companies out there suffering high-profile data breaches over the years, there are many CEOs who still don’t get it. That’s why we were interested to read a new piece of research linking serious cyber incidents for the first time to share price performance.
It revealed that severe breaches on average cost public companies 1.8% of their value, running into £120 million for a typical FTSE100 firm. That should be enough to make any board sit up and take notice, and begin plans to implement effective layered security to mitigate cyber risk.
It’s just part of the message we’ll be taking to the Infosecurity Europe show in London this June. So be sure to drop by Stand D25 to find out more.
Threats keep growing
We all know the threat from cyberspace is growing more acute every day. UK firms now have not only organised cybercriminals to worry about but also state-sponsored operatives, lone-wolf hacktivists and even their own staff. How bad has it become? Trend Micro alone witnessed an increase in new ransomware families of 752% last year, while Business Email Compromise (BEC) scams cost organisations on average £110,000 per attack.
Even more telling: the Smart Protection Network blocked nearly 82 billion new threats in 2016, a 51% year-on-year increase.
Yet it’s been a struggle for many CISOs to get their boards to appreciate the scale of the threat from cyberspace and the risk it presents to their company. Most major firms might have a CISO or similar now, but does he or she sit on the board? The good news is that UK firms are spending a lot more on cybersecurity – £6.2m in 2016 as opposed to £3m in 2015, according to PwC. But is it being spent in the right areas? That same PwC report claimed just a third of boards are involved in the security budget and only 28% get involved in strategy.
Share price alarms
That’s why it’ll be interesting to see whether this new report has any impact. Conducted by respected global advisory firm Oxford Economics, it reveals the huge financial implications of “severe” or “catastrophic” breaches. Two-thirds of those firms studied saw a negative impact on their share price and in some cases the victim company’s stock market value dropped by a massive 15%.
Those figures are chilling even given the current lack of transparency around breach notifications. The European General Data Protection Regulation (GDPR) will change that, enforcing mandatory breach notifications from May 2018, which will drive up potential share price losses even more.
Time for layered security
Hopefully these findings will help to persuade senior board members to pay more than lip service to cybersecurity. So what should they be doing?
Investing in cyber-insurance and effective staff training programs, of course. But on the product side, their CISOs need to approach the issue in a holistic manner. That means layered security from the endpoint all the way to the cloud, via the network and datacentre. There’s no silver bullet solution to the broad sweep of threats facing firms, so they need a wide range of tools and techniques, all talking to each other and managed from a single point. That could mean everything from basic signature-based tools to behavioural analysis, app whitelisting and advanced high-fidelity machine learning. Fail to act now, and it could prove costly in the long run.
We’ll be sharing the importance of our own layered security approach – XGen – at Infosecurity Europe this year. So be sure to drop by our stand (D25) at the show to hear more about how Trend Micro can help your organisation benefit from maximum protection with minimum impact on performance.