putilov_denis – stock.adobe.com
The threat of a successful cyber attack ranks as one of the most significant business risks organizations of all sizes and across all industries face. Business and IT executives have good reason to rate cyberthreats as a high-level risk — and to invest in a strong cybersecurity program for their company.
The volume and sophistication of cyber attacks have grown significantly since the first computer viruses emerged in the 1970s and the Morris worm became the first major internet-based attack in 1988. Moreover, the number of devices connected to the internet and corporate networks exploded during the past few decades. The reliance on IT systems for everyday business tasks also spiked in recent years, driven partly by digital transformation initiatives in companies.
Consequently, a single successful attack can have a catastrophic impact, with the potential to expose personal information, bring a company’s operations to a halt, cripple critical infrastructure and even physically harm people.
Recognizing the importance of cybersecurity, enterprise leaders in many organizations have increasingly prioritized it, seeking to implement more rigorous policies, procedures and technologies to defend against cyberthreats of all kinds — data breaches, ransomware attacks, phishing and more.
For instance, the “2024 Focus on the Future” report from software vendor AuditBoard identified cybersecurity and data security as the No. 1 risk category among surveyed risk management and internal audit executives for the third year in a row. More than 80% of the 453 respondents also put it in the top spot for expected audit efforts in 2024. Similarly, professional services firm PwC’s “2024 Global Digital Trust Insights” survey found that mitigating cyber-risk was second on the priority list among the 3,876 business and IT executives who responded, outranked only by managing digital and technology risks.
Such viewpoints are pushing up cybersecurity budgets. Consulting and market research firm Gartner projected that combined spending on security and risk management by user organizations worldwide will total $215 billion in 2024, a 14.3% increase over the $188.1 billion it estimated for 2023.
The following factors show why effective cybersecurity is seen as a necessary part of doing business:
The numbers on the costs of cybercrime are staggering. Here are some overall figures:
The list of cybersecurity incidents goes on and on. For example, a September 2023 ransomware attack on MGM Resorts International that used social engineering techniques to gain access to privileged user accounts cost the hospitality company an estimated $100 million and disrupted customer room access, casino games and other services. MGM said it expected its cybersecurity insurance policy to cover all the costs, but it also disclosed that the attackers stole personal information on some customers, including driver’s license, Social Security and passport numbers.
Caesars Entertainment was hit by a similar attack the same month. It paid a $15 million ransom, according to The Wall Street Journal, and likewise disclosed that the attackers obtained sensitive personal information on customers. In an SEC filing, Caesars said it took steps to “ensure that the stolen data is deleted by the unauthorized attacker, although we cannot guarantee this result.”
In another well-known example, a 2021 ransomware attack on Colonial Pipeline led to gas supply shortages in multiple U.S. states and cost the pipeline operator $4.4 million in ransom payments, some of which was later recovered by the U.S. Department of Justice. And Denmark-based shipping giant A.P. Moller-Maersk suffered upwards of $300 million in losses after a 2017 malware attack shut down the systems used to operate its shipping terminals around the world.
An organization that finds its cybersecurity defenses have been penetrated typically faces a long list of expenses as it seeks to repel the attack, restore affected systems and recover from the incident.
In addition to the required staff time, Eyler said organizations can expect to pay for outside technical support, inside and outside legal counsel, data breach notification costs and regulatory fines. They’ll also have costs due to lost sales and business opportunities. “You don’t know how far-reaching the costs are going to be when you’ve been breached,” he noted.
A company’s reputation with customers likely will also take a hit, which can translate into additional lost business in the future. Sembhi said the costs and consequences of an attack could even tank organizations — especially those without enough resources and reserves to weather the event’s aftermath. “With small businesses, one attack can take them out,” he warned.
The ramifications of cyber attacks have pushed many enterprise leaders — directors, CEOs, CFOs and other senior business executives, as well as CIOs and CISOs — to focus on improving their organization’s security posture.
For example, professional services firm Deloitte’s “2023 Global Future of Cyber Survey” found that 70% of more than 1,000 cybersecurity decision-makers said security issues were on their board’s agenda either monthly or quarterly. In addition, 86% said cybersecurity initiatives had made a significant contribution to at least one key business priority, including improvements in things such as customer trust, brand reputation and operational stability.
Such findings reflect a shift in thinking among executives who now see the cybersecurity program as an enabler of business operations, not merely a backstop for preventing losses.
“That’s the perspective companies have to have when it comes to cybersecurity,” said Fred Rica, a partner in the advisory practice at professional services firm BPM. “It allows them to do things they couldn’t do before, and it allows them to be more efficient, save money and be more productive.”
To illustrate the point, Rica cited the common business strategy of a company wanting to build a self-service portal for its customers. But that’s only feasible if the company has appropriate security measures to authenticate customers and is properly safeguarding their data, he said.
There’s no universal basis for what makes a strong cybersecurity program — each organization must determine its required level of security. To do so, Rica said companies should primarily think about whether their security efforts are appropriate from a business perspective.
That involves concepts such as risk appetite and risk tolerance and how much residual risk business executives are willing to accept. “If they’re comfortable that they’ve identified their risks, that those risks are managed and that the risks they’ve left on the table fit their risk profile, then they have a good program,” he said.
Organizations also must identify critical systems and assets and understand the particular cyberthreats they’re most likely to face, so they can invest in the right amount of people, processes and technology to mitigate security risks to an acceptable level, Avakian said. He added that developing a cybersecurity strategy is an ongoing exercise because “things change all the time.”
Other key elements of creating a successful cybersecurity strategy include the following:
The following best practices can help create an effective cybersecurity program:
Mary K. Pratt is an award-winning freelance journalist with a focus on covering enterprise IT and cybersecurity management.
Top cybersecurity best practices to protect your business
What is attack surface management and why is it necessary?
Remote work cybersecurity: Risks and how to prevent them
Benefits of outsourcing your cybersecurity operations
What is the future of cybersecurity?
OpenRoaming and Passpoint both provide users with internet access outside of their coverage area via Wi-Fi, but they differ in …
The challenges of managing networks during a pandemic prompted many organizations to delay SD-WAN rollouts. Four trends, however,…
5G touts better security controls than 4G, including stronger encryption, privacy and authentication. But enterprises need to …
What’s happening in the metaverse? More than you might think. Read about three areas for growth, the concept of spatial computing…
A BPM approach to transformation enables companies to continuously improve and reinvent their business processes, injecting …
The job is as big and challenging as ever. In 2024, CIOs will be asked to find business value in GenAI, mitigate AI risks and …
There are significant differences between the various copilots that Microsoft has brought to market. Find out details about two …
Copilot for Microsoft 365 offers AI-powered functionality to users, but there’s more to consider before installing it. Data …
The simplest way to fix a broken Windows 11 registry is to restore a backup, but that isn’t always possible. Find out different …
Cloud readiness, storage costs, network lag and metrics can make or break the choice to move data, applications and workloads to …
Hybrid cloud’s benefits are many and varied but so are the security issues surrounding integration, compatibility, governance, …
For businesses contemplating the advantages and disadvantages of their applications living in a distributed cloud infrastructure,…
The mass adoption of cloud environments is pushing strained CISOs to the brink and a lack of attention to logging isn’t helping. …
Electronic prescribing will be deployed in both primary and secondary care, while a shared medicines record will be live by the …
With the 2024 US presidential election cycle beginning, a study produced by Arctic Wolf has highlighted big gaps in preparedness …
All Rights Reserved, Copyright 2000 – 2024, TechTarget
Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information
