The heavy price of ignorance
With the rate of how fast and vast cyber attacks can spread throughout the world, it is still surprising to note there are still plenty of major organisations and companies that are unconcerned about beefing up their cyber security system despite having most of their dayto-day workflow synced with some form of ICT tools that is connected to the digital world.
While reports show that there has been a rise of concern regarding cyber risk but few company leaders are aware of the full extent of damage caused by a cyber breach, or the full costs of it.
It takes just one oblivious employee, or one phishing email, or one virus, to corrupt a whole system and disrupt a week or even years’ worth of business and cost a company millions.
According to Cisco’s 2017 Annual Cybersecurity Report (ACR), over one-third of organisations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 per cent.
A study issued by IT consultant CGI and Oxford Economics showed that cyber security breaches erode companies’ share prices permanently, with financials the worst hit
Investors in a typical FTSE 100 firm would be worse off by an average of 120 million pounds or approximately US$156 million after such a breach, the report said. Overall the cost to shareholders of these 65 companies would be in excess of 42 billion pounds (US$52.40 billion).
In some extreme cases, it pointed out that breaches have wiped as much as 15 per cent off affected companies’ valuations, substantially more than this sum.
Severe cyber security breaches, such as those having legal or regulatory consequences, involve the loss of hundreds of thousands of records and hurt the firm’s brand, caused share prices to fall on average 1.8 per cent on a permanent basis, the analysis of 65 companies affected since 2013 globally has found.
“Financial services experience the greatest burden in terms of impact, reflecting the high levels of
regulation, the importance of customer confidence and the potential for financial fraud to be a facet of the breach,” the report said. Overall, Cybersecurity Ventures predicts global annual cybercrime costs will grow from US$3 trillion in 2015 to US$6 trillion by 2021.
These include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
With the growing threat of ransomware, reports show that the cost of cybercrime could run up to billions more, yearly.
With that much amount of finances and brand reputation at risk, still, in Malaysia, about more than 50 per cent of Malaysian companies are unsure about their cyber security system.
According to PricewaterhouseCoopers (PwC) Malaysia’s Global Economic Crime Survey 2016 report, while almost half of Malaysian organisations (42 per cent) see an increased risk of cyber threats, more than half (54 per cent) are unsure of whether or not they are at risk. This indicates a worrying lack of understanding of cyber risks in Malaysia’s corporate landscape.
“Responsibility for redressing cyber vulnerabilities starts at the top. Yet our survey suggests that many boards are not sufficiently proactive regarding cyber threats, and generally do not understand their organisation’s digital footprint well enough to properly assess the risks - despite the fact that in several countries, boards have a fiduciary responsibility to shareholders when it comes to cyber risk.
“Surprisingly, less than half of board members globally actually request information about their organisation’s state of cyberreadiness,” it reported.
It further pointed out that only 35 per cent of Malaysian respondents to its survey say that they have a fully operational cyber incident response plan. It highlighted that three in ten have no plan at all, and of these, nearly half do not think they need one.
BAE Systems Applied Intelligence Cyber Defence Asia Pacific & Japan vice president Gundeep Singh Sandhu said: “In our research we found that 95 per cent of respondents believe their organisation has the right security controls in place.
“Yet more than half (51 per cent) of those surveyed said they had experienced a cyber attack in the past year, with the average cost being at least RM1.712 million.”
Cyber risks are constantly on the rise at a faster rate, now.
Hence, businesses and agencies need to ensure that their systems are protected from these threats that are seen as getting more prevalent and sophisticated.