Around 75% of SMEs were hit by cybercrime in 2016, according to the government's last Information Security Breaches Survey, with the typical cost to the victim organisation being between £75,000 and £300,000.
The technology landscape is moving at an astonishing pace, and with this comes the challenge of accelerating while also balancing the demands of day-to-day business.
Added to this are the external cyber security threats that continue to evolve at a rapid pace, with incidents and breaches still hitting the headlines on a regular basis.
Progressive firms recognise that highly effective security should allow business to operate in an efficient and agile manner, with the added bonus of demonstrating to customers that security is taken very seriously.
Here, Colin Slater and John Whitehill of PwC’s Cyber team share the main factors that businesses in Scotland should concentrate on to help keep up with the pace of emerging cyber threats.
Senior management need to be continually educated and involved, setting a clear strategy for the Board and empowering their teams to make tactical choices with support from the right governance and frameworks.
Our Global State of Information Security Survey 2017* found a rise in incidents attributed to service providers, contractors and suppliers or business partners. Only a third of UK companies have the Board involved in setting security budgets compared to the 39% global average, and even fewer (28%) get involved in the security strategy (42.5% globally).
Nonetheless, training and education of the Board is progressing and evolving with new technology, which in turn is supporting increased engagement. PwC’s Game of Threats cyber security interactive simulator aims to educate the Board on responding to a cyber attack. Feeling the impact, pressure and decision-making process required during an incident focuses the mind and brings to life what a real event would feel like.
The rise of the ‘Internet of Things’ (IoT) has resulted in an increased need to proactively address cyber security and privacy risks. While opportunities are not always obvious for some industries, 46% of organisations are investing in a security strategy around IoT.*
History tells us that poor security is quickly evidenced in new technologies, and IoT is no different. The need to build security in from the start is absolutely fundamental to retain customer trust.
Data privacy and trust are now critical business requirements as increasing volumes of consumer and business information are generated and shared. Compliance with the General Data Protection Regulation (GDPR) will be a challenge requiring comprehensive risk assessments and technology change to simply meet the basic requirements.
There are also opportunities for businesses if they adopt a wider approach. Cyber security and privacy are enablers to safely develop new products, create market advantages and build brand trust, particularly when they are integrated with digital business ecosystems from the outset.
Forward-thinking businesses are pivoting toward a new model of cyber security: agile and capable of acting on analytic inputs and adaptive to evolving risks and threats.
Examples include automated machine-learned hunting, artificial intelligence and options to piece together niche services in a ‘building block’ model to accelerate capability.
Adopting cloud, both for business services and for cyber security services, tests the faith of those who make the easy assumption that security will be higher if you own it and run it yourself. The counter position is true: leveraging these services, which fundamentally rely on being secured to the highest levels, will be accelerative and in the near term allow organisations to speed up capability.
PwC’s national cyber security team, which has a large Scottish presence, is part of an international network, advising and supporting businesses large and small across different sectors.
Colin Slater, head of cyber security PwC Scotland, said: “Businesses that approach cyber security properly will prosper, build trusted brands and have sustained value. Being brave and embracing the risks will reap rewards.
“PwC recently developed seven principles for the governance of cyber security to help businesses ‘step-up’ their response to cyber security as an existential risk issue, explain their approach to stakeholders and drive good practice.”
John Whitehill, director cyber security, said: “Businesses need to consider all the steps of being cyber-secure. It’s not just about being aware of external risks but instead focussing on staff, systems and processes to help protect themselves against any cyber threats.”
To find out more, contact
Colin Slater, Head of Cyber Security, PwC in Scotland
Phone: (+44) 131 260 4010
John Whitehill, Director Cyber Security, PwC in Scotland
Phone: (+44) 7771 958 146
*The latest annual Global State of Information Security Survey 2017 by PwC, CIO and CSO is based on responses from more than 10,000 C-suite and security executives from 133 countries, including 479 respondents in Scotland, England, Wales and Northern Ireland.