Regardless of their digital footprint, any business with a reliance on technology is at risk of cybercrime.
In today’s digitised economy, where threats to cybersecurity are continuously increasing, protecting data, infrastructure, customers, clients and third parties against a breach is one of the biggest challenges that European businesses face. The financial and practical challenges that technology brings mean we are more interconnected globally, thereby increasing the opportunity for cybercrime. Hence the Catch-22 business leaders face: if a business doesn't go through a digital transformation there is a risk it may get left behind, and if it does there is an inherent and increased risk of cybercrime.
An in-depth survey of successful companies across Europe has been undertaken for RSM International by the European Business Awards, in order to understand levels of industry awareness of these cyber risks, the actions being taken to combat them, as well as the reaction to breaches taking place.
Digital transformation requires increased cybersecurity
In today’s fast-changing digitally-led economy, most businesses are currently going through some form of digital transformation, either to improve their offering or to streamline their operations, with many already seeing the benefits of financial investments made. The Catch-22 is that with this increased use of technology and collection of personal data, the need for protection increases. But not all businesses are actively protecting themselves against cybercrime.
Preparing for inevitable cybercrime
The majority of European businesses understand they are at risk from a cyberattack and many even believe they could have been the victim of a breach without knowing. However, coupled with this is a lack of confidence in their ability to protect themselves and a sense of inevitability and resignation to an attack, with many believing hackers will always outwit preventative software.
Who is responsible for cybersecurity?
There is a gap in senior management’s engagement and prioritisation of cybersecurity that needs to be addressed. Not only is there a lack of discussion around the risks at board level but there is also ambiguity over who is responsible for cybersecurity in the organisation. Ideally, the senior executives themselves should be accountable.
The consequences of GDPR on cybersecurity
The EU’s General Data Protection Regulation (GDPR), which came into force in May 2018, is identified as the key driver to businesses taking the first steps in cybersecurity. More than one year on from the implementation of GDPR, the legislation is justifiably seen as a champion of security, but there have been some unintended consequences.
The vulnerability of employees to cybercrime
When it comes to threats now and in the future, most businesses see human error as the core area of vulnerability, with targeted attacks on staff via phishing, whaling and ransomware attacks being the most sensitive touchpoint. This assertion is consistently supported by all of the findings on data breaches that have already occurred.
The importance of reporting cybercrime
A significant number of companies in the survey admitted a security breach and gave details about how they had dealt with it and its impact. The findings confirm the critical role of the employee, with most attacks identified by them and/or access gained through them. Positive direct action after the event is seen with investment in software, training and much-needed IT security reviews. However, one key issue highlighted is the lack of transparency of the breach, with 75% of breaches not becoming public knowledge.
RSM’s cybersecurity top tips
RSM’s ‘Catch 22: Digital transformation and its impact on cybersecurity’ report clearly shows that organisations must do much more to protect themselves. Businesses should not wait for a breach to occur before investing. A breach is inevitable and choosing to react rather than protect could create untold damage to an organisation.