Cyber attacks use to be treated with irreverence – they seemed distant & intangible, myths relegated to the back pages. But now attacks are of increasing frequency. They are graver & their impact is palpable.
The recent WannaCry & Petya attacks prove our vulnerability is being exploited & practically ridiculed. The threat is unequivocal so why are we still so ill-equipped & slow to act?
The real cost of cyber crime
- £2.4 trillion: the price of cyber crime this year, with a projected increase to £6 trillion by 2021
- £220+ million: the cost of replacing compromised credit cards this year
- £42 billion: the amount lost in share price by companies due to cyber attacks
Despite the raw figures exposing our weaknesses, apathy still pervades. Investment in cyber security today is still not proportionate to exposure: £1.9billion government cyber security spend over the next 5 years may seem substantial but it will be wasted if we continue to be reactive, rather than peremptory. Only post-attack was £50million allocated to the NHS – this is not good enough. Legislation is increasing, with GDPR imminent, but is this really enough to jolt firms & government into action?
The industry perspective
The Cruxy&Co, Investec & SMAB breakfast roundtable debate consisted of 30 CICOs, CEOs & founders of Cyber firms, all highly opinionated & frustrated. The overarching theme was clear: there is ‘a lack of understanding’ when it comes to cyber security & that there is a core need to educate the audience in order to shift current attitude.
Many firms lie dormant due to a lack of leadership in cyber security. As a result, many companies lack a coherent strategy on investment focus. It is also often difficult to measure progress & success of cyber security investment.
Our analysis of CISO & industry player insight includes the following:
- Rise in the cyber security awareness (albeit without implementation & action) means the industry is full of cowboys: many offer a false silver bullet. Decision makers recognise this, become less trusting & thus slower to act.
- There is a sentiment that cyber security disables rather than enables. Cyber security vendors & technologies are quick to highlight the business’ vulnerabilities but often leave the business to rectify them or take advantage & bill heavily.
- 60% of cyber attacks are carried out by insiders – whether from malicious intent or inadvertence. This means humans are a major weak link in cyber security & moves the conversation to the delicate topic of how much monitoring of employees can and should the business carry out. This is dependent on decision maker’s morality vs. the consequences.
So what will it take for vendors to inspire firms to action?
- Fear desensitises & drives stagnation
Businesses understand & realise the potential impact of a cyber attack but the cyber security industry is built on the foundation of fear. Digital Shadows, Dark trace & Intruder all sell by scaring the customer into action. However, fear drives stagnation & businesses are becoming desensitised. Conversations need to flip to focus on inspiring firms to be on the front foot & highlighting the potential in doing so.
- Connect the dots for your audience
Vendors are so focused on delving into the features of their product, they often fail to articulate the problem they solve for the audience. Not only that, vendors often also fail to articulate how adopting their technology is directly link to their client’s revenue and growth. The need to connect the dots & help firms see how your technology fits into their plan & strategy to growth is crucial to instigate action.
- Don’t be like the rest of them
A quick trip to InfoSec this year revealed that cyber security firms all behave & talk in the same way, jargon-heavy & feature bashing. There is a need to create a distinctive market positioning & draw out core differentiators in a simple & concise way that resonates with the need & mindset of the business stakeholder.
Fortunately, there are some signs of movement towards increased cyber security: will the increased shift & focus in the development & investment towards cyber security shift the landscape? Albany investment is leading the way in developing the first cyber fund. There is hope, but we think it will take more than investment & government spend to create true cyber security.