THANK YOU FOR SUBSCRIBING
The Quintessential Technology Source for Corporate Financial Professionals
CFO Tech Outlook Weekly Brief
Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from CFO Tech Outlook
Joseph Stokes, Head: Cyber Security and IT Governance, Telesure Investment HoldingsIt’s perhaps important to set the scene with some interesting and updated statistics to re-orientate ourselves with the current state of cyber-risks facing the world today. Ransomware alone was predicted to be a $1 Billion industry by 2018, in 2021 it cost the world $20 Billion, with current predictions stating it will reach a quarter trillion within the next ten years.
Cybercrime and its threat actors have evolved from individuals to groups and syndicates and have today developed into an entire industry and economy of its own with the advent of Ransomware-as-a-service (RaaS) and the popularization of initial access brokerages.
Today, the opportunity to make money from cybercrime is as easy as purchasing access through a brokerage, subscribing to a RaaS platform, and taking aim at a target, with the service provider taking a small cut of the ransom payment.
Financial services have become one of the top three targeted industries, being rich in the most valuable commodity in the world today – data.
Fintech and FS businesses have realized that without a continued focus on driving digital transformation and data-driven decision-making, being left behind is guaranteed. With this increased digital footprint in the form of cloud technologies, SaaS, API’s and various 3rd party and vendor interconnects; organizations have increased their exposure exponentially, often without realizing it due to the common misconception that the cloud is inherently secure. This might partially explain why the number one reason for security breaches in the cloud is caused by simple misconfigurations, brought about by inherent trust in the services to be secured by default.
The impact of such attacks and breaches can’t be overstated, especially when it comes to the reputational damage and loss of consumer confidence, without even mentioning the financial impact of recovery and remediation efforts, subsequent fines, and class-action lawsuits that often follow.
Markets today are more competitive than ever while consumers today are more discerning and tend to align with organizations on a personal and ethical level much more than a few years ago, with public outcries and calls for boycotts via social media being the norm today. Of course, this adds a lot of pressure to organizations to get it right, with so many who failed having been made examples of, and often for good reason – most organizations simply do not take cybersecurity and technology risk as seriously as they should be.
Herein lies the opportunity
Data and digital transformation are tickets to the game and should be treated as such. Protecting digital assets and the IT environments in which they reside should be top-of-mind, not as an afterthought, but as a principle of organizational operation, a strategic imperative. This means that cybersecurity should not be seen as an IT problem, and instead be pursued as a business opportunity, with representation and inclusion at the board and strategic levels.
Budgets are tight for businesses and industries around the world, but technology is only going to become more pervasive and more complex – and leaving security as an afterthought will become near impossible to have any meaningful effect.
Perhaps it would be more prudent to see the costs of information security, governance, risk, and compliance not so much as a grudge spend, but as a strategic investment in building the business of the future; responsible, reliable, and resilient.
Companies that can show that they take cybersecurity (and consumer data privacy) seriously because customer trust is a priority, have a unique competitive advantage in the markets of tomorrow. We can almost be guaranteed that the consumers of tomorrow will be even more demanding and more discerning than they are today and will definitely have a lot more options.
It’s also critical that organizations, as part of their digital transformation journey build on resilience capabilities and not just security. It’s not a matter of if, but rather when a major incident will occur. And when it happens, how quickly and effectively will the business bounce back and be ready for the next attempt, while still ensuring proper servicing of customers and acceptable levels of business operations?
The time has come to embrace the benefits of cyber resilience as a competitive advantage, instead of avoiding it and doing the bare minimum as part of a compliance check-box exercise. The more resilient an organization becomes, the better its chances of survival in the digitally enabled and data-driven future, with the confidence that consumers are not exposing themselves to risks they could never have imagined.
Read Also
