A steady stream of high profile hacks and headlines over the past 12 months should leave little doubt about the importance of robust cyber-defence. Now, more than ever, cyber security needs to be firmly on the radar of board-room executives.
In the UK for example, the number of security breaches affecting businesses across all sectors reached a new high last year, affecting 93 per cent of large organisations and 87 per cent of SMEs. More worryingly, the average cost of these breaches has never
been higher, with several individual breaches costing organisations more than £1m.[i]
Moreover, in the financial sector, politicians, regulators and policymakers have become increasingly worried about the threat that cyber security poses to the stability of the global financial system. For example in December last year the World Federation
of Exchanges created its first cyber security committee to develop more information sharing on issues such as threat intelligence, attack trends and common policies, standards and technologies. More recently, the Bank of England published its report on the
financial sector cyber exercise, Waking Shark II, which highlighted the need for better industry collaboration and communication in response to cyber threats.
Yet despite this, new research commissioned by BT finds that this threat is not yet a boardroom priority in the majority of financial institutions. Just 28 per cent of finance CEOs see cyber security as an absolute priority while 59 per cent of IT decision
makers in the finance sector believe that their boards underestimate the importance of cyber security.
The study, which assessed attitudes to cyber security and levels of preparedness among IT decision makers across seven countries, reveals some interesting variations in attitudes towards cyber-security.
For example, four in ten (41 per cent) US business leaders across all sectors consider cyber security as a major priority, compared to just 20 per cent in Europe and 30 per cent globally. The research suggests that businesses in Europe and Asia-Pacific are
lagging behind their US counterparts in important areas.
What next for businesses?
The research provides a fascinating insight into the changing threat landscape and the challenge this poses for organisations globally. It should also serve as a warning to organisations that the risks to business are moving too fast for a purely reactive
security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone.
Adopting tight cyber security strategies must not be overlooked in 2014 and beyond, and should play a key factor in boardroom plans for long-term growth and success moving forward.
In response to emerging threats, across all sectors, three quarters (75 per cent) of IT decision makers globally say they would like to overhaul their infrastructure and design them with security features from the ground up. 74 per cent would like to train
all staff in cyber security best practice. While just over half (54 per cent) say they would like to engage an external vendor to monitor the system and prevent attacks.
Encouraging signs, but it remains to be seen whether board level executives will take notice of the emerging threat that cyber security poses, particularly in the financial sector. The strategic importance of the industry as an employer and generator of
economic growth means that it must take seriously the importance of cyber security, especially with the implementation of new regulations such as EMIR and Dodd-Frank which require a huge amount of data about financial markets transactions to be recorded and
stored. As the threat landscape continues to evolve, CEOs and board level executives need to invest in cyber security and educate their people in the IT department and beyond.
[i] BIS/PwC research 2013