September 29, 2015
Ashley Madison and Sony are the high profile victims of cyber-hacking, but with hacks becoming more prevalent, nearly half of firms are putting themselves in the firing line by having no comprehensive strategy to prevent digital crime, the latest Grant Thornton International Business Report (IBR) has warned. It says the total cost of cyber-attacks globally are estimated to be more than £200bn (US$315bn*) over the past 12 months and more than one in six businesses have faced a cyber attack in the past year. The UK government has classified cyber security as one of the four top threats to the UK, alongside natural disasters, international terrorism and military invasion. The global survey of 2,500 business leaders in 35 economies found that 15 percent of businesses have faced a cyber attack in the past year, with businesses in the EU (19 percent) and North America (18 percent) the most heavily targeted.
However, no region has been immune. Regionally, cyber attacks are estimated to have cost Asia Pacific businesses $81bn in the past 12 months, while firms in the EU ($62bn) and North America ($61bn) are also counting the significant cost of attacks. Further analysis of the results reveals that the average ‘successful’ cyber attack costs businesses 1.2 percent of revenues. But despite this risk, only just over half of firms surveyed (52 percent) said they currently have a cyber security strategy in place.
Manu Sharma, head of cyber security and resilience at Grant Thornton UK LLP, said: “Cyber attacks are an increasingly significant danger for business. Not just the costs in terms of financial penalties, but serious reputational damage and loss of customers and business can be inflicted if attacks undermine customer confidence. Despite this, some firms still lack a strategy to deal with cyber threat or even understand the risks to their organisation.
“Businesses cannot afford to be behind the curve on this threat. Cyber attacks can strike without warning and sometimes without the victim being immediately aware. The pressure from customers and clients cannot be ignored. In this digital age, rigorous security and privacy is expected. If this cannot be guaranteed the ultimate risk is they will simply go elsewhere.”
Grant Thornton’s research reveals that the sector most concerned by the threat of a cyber attack is financial services (74 percent of business say it is a threat) – this is also the sector with the joint-highest recorded instances of cybercrime (26 percent). At the other end of the spectrum, only 10 percent of transport firms globally have reported a cyber attack in the past 12 months and just 27 percent perceive it as a threat.
Where businesses are implementing cyber security strategies, the number-one driver cited is client/customer demand (44 percent). 42 percent of business have implemented a strategy because of an increased use of automation and other emerging technologies which could leave them exposed.
Manu Sharma added: “Many of the perpetrators of cyber attacks are sophisticated, heavily resourced criminal organisations or could be state sponsored. As the digitisation of business continues, it is vital that businesses take the cyber threat as seriously as the criminals attempting to attack them. Otherwise, cyber attacks will continue to escalate in frequency and scale.
“Vigilance alone won’t keep businesses safe. Proactive and detective measures are need to work together to minimise the threats. This is an issue which needs to be on the agenda in boardrooms as well as business departments. Management teams need to be driving cyber strategies which boost awareness of the threat among all staff, and of the policies and procedures in place to deal with the threat. Just as critically, clients and customers also need reassurance that effective controls are in place.”