Reducing Cyber Risk is a Top Priority … but Challenges Still Remain

Troubling economic conditions, ongoing supply chain disruptions, and talent shortages are all looming large as key issues for companies around the world. Yet, when asked to nominate their biggest source of concern, most point squarely at cybersecurity.

It’s a situation that is unlikely to change any time soon. With the threat landscape evolving rapidly and a need to constantly evolve defences, many organisations are seeking guidance on the strategies that will afford them the best possible protection.

The challenge was highlighted in a survey[1] conducted by cybersecurity firm Sophos. It found that, in 2022, 80% of respondents reported they had experienced a ransomware attack during the previous year. This is of particular concern for mid-market firms because, while they face the same risks, they lack the staff and infrastructure required to identify and respond to cybersecurity threats.

Unpredictable conditions

Although the global pandemic and its lingering impacts on business tended to be critical concerns during the previous two years, the biggest issue in 2022 became the increasingly fragmented and unpredictable nature of the world.

According to the Global Cybersecurity Outlook 2023[2], developed by the World Economic Forum in collaboration with Accenture, the outcome of this turbulent environment is that business leaders are more aware of their organisations’ cyber security issues.

The report also highlighted the fact that the nature of cyber risks being faced has evolved. This is because cybercriminals now tend to focus more on business disruption and reputational damage.

Other factors shaping risk profiles include geographic and global politics together with the impact they are having on national economies. Concerningly, 91% of the survey respondents believe a catastrophic cyber incident is likely to happen sometime in the next two years.

Digital transformation

Amidst these conditions, many organisations are continuing to undertake significant digital transformation projects.

This adds new challenges as combining emerging technologies with legacy IT systems increases both the complexity of digital environments and their cybersecurity risk. Business leaders, therefore, need to balance the value of new technology with the potential for increased risk across their organisations.

When it comes to regulatory compliance, executives are more likely to see data privacy laws and cybersecurity regulations as a plus rather than a minus. Despite the challenges associated with compliance, business leaders understand that regulations incentivise much-needed action on cybersecurity and so take them into account within their digital transformation plans.

Challenges in the decade ahead

These trends are also projected to continue throughout the next decade. According to the World Economic Forum 2023 Global Risks Report[3],  the ongoing rapid development of new technologies will pose its own set of risks.

The report says the ever-increasing intertwining of technologies with the critical functioning of societies is exposing populations to direct domestic threats, “including those that seek to shatter societal functioning”.

As well as an ongoing increase in cybercrime attempts to disrupt critical technology-enabled resources and services will become more common. Attacks are forecast to have an impact on everything from agriculture and water supplies to financial systems, energy supply, and communication infrastructures.

Overcoming the hurdles

Faced with these sobering realities, increasing numbers of business leaders now acknowledge that cybersecurity is a vital enabler for innovation and growth. They understand that any hurdles which are slowing its deployment and management need to be identified and removed.

This outlook is also influencing the way investments are being made in risk-management tools and organisational processes. The change is particularly evident in businesses that have already suffered an attack and experienced the effects of not taking care of their cyber risks.

Interestingly, cyber risk reduction activities are not limited to corporate systems and data but are also covering supply chains. This is because businesses increasingly realise that, even if their own infrastructure is secure, they can still fall victim to an attack against one of their suppliers or partners.

Another hurdle that often has to be overcome is the retention of cyber insurance cover. Cyber insurance is an emerging means for mitigating the damage from cyberattacks, however, a prerequisite is being able to demonstrate that required security controls and processes are in place.

By focusing on overcoming these hurdles and ensuring their cybersecurity defences are as robust as possible, organisations can be best placed to withstand attacks should they occur. It’s clear the challenges are not abating any time soon, and so the time for action is now.

Craig Somerville, Managing Director and CEO, Somerville