UK companies are expected to take cyber security threats more seriously, explains one industry expert.
Above all, there should be more dedicated spending on preventing and monitoring cyber threats, something that has been a grey area until now.
Whilst the 500,000 companies in the UK will typically have business insurance of some kind, cyber threats are an area that is not fully covered, largely because they are hard to quantify, value and quote for accurately.
However, falling victim to a cyber threat could be hugely expensive and overwhelming for a company, whether it is a data leak, phishing attack or ransomware. There were a reported 23,600 cyber attacks against UK companies in 2020 (Source: CSO Online), costing an average of $3.88 million per breach.
John Fitzpatrick, CTO of cyber security strategy and testing company JUMPSEC, commented:
“The biggest, but probably least visible, change that we will see this year is much greater scrutiny over security spend. A lot has been spent on ‘silver bullet’ tooling that has not really delivered in line with its price tag. Consequently, we will see organisations starting to approach things a little differently, a confidence to focus on getting their security posture right rather than being swept along with what everyone else is doing in order to be seen to be doing security.”
“Predictions aside, what we would really love to see more of this year is organisations talking publicly about security incidents and challenges in detail. Removing the pretence that they do not happen, pooling knowledge, lessons learned, and effective countermeasures will do more to boost security than all of the products about to hit the cyber security market this year.”
The costs involved in fixing a cyber attack are often very high, since they may include hiring professionals to fix the attack, new systems, business interruption, loss of income and damage to the company's brand.
Fitzpatrick continued: “We may see a surge in non-email-based phishing (e.g. SMS and other mobile messaging services). Email phishing will definitely remain; however, the lifetime for a phishing website is now relatively short. This is not the case for non-email-based phishing, where limited detection capability hinders a response.”