A recent survey carried out on our behalf by research company Ovum found that 48% of organizations think that in a year’s time, an assessment of their cybersecurity will show improvement. Only 3% think that their cybersecurity position will have worsened. Most companies also think they are doing well compared to their competitors; a mere 6% think their cybersecurity is below average and 54% think they’re above average or a top performer. This is statistically unlikely. It seems that many are taking an optimistic view of their cybersecurity. Could a lack of objective measurement be to blame? Here’s what our survey participants said: It is encouraging to see that 94% carry out some form of assessment. However, consideration must be given as to how objective the methods used are. 38% of respondents say they self-assess based on their own criteria, this is the largest and possibly the most worrying category.... [Read More]
Many of you reading the headline will be thinking – yes we do! We are even getting bored of talking about PSD2. But I’m not talking about us in our payments bubble. I’m talking about the general public. Small business owners and people in love with their Amazon 1-Click don’t know that PSD2 is about to rock their world, or at least change how they take and make payments. Last night I went to a local pub and while sipping my Merlot noticed a sign behind the bar “50p surcharge on card payments below £10”. It’s not unusual to see variations of this sign in small businesses, and no one has told them that from January they won’t be able to surcharge. I spoke to the barman, who turned out to be quite savvy about card payments, but he hadn’t heard of PSD2 and didn’t know that this would happen.... [Read More]
Given the significant consequences that face board members in breached organizations, you might expect that they are giving cybersecurity their full attention – but are they? Our recent survey with research and consulting firm Ovum sheds a revealing light on this. Do they think the problem will go away? No one is expecting cyber-attacks and breach attempts to stop, and only 1% of respondents think that levels of attack will go down in the coming year, while 62% expect the rates of attack to increase. This reflects recent experience in their own organizations, 60% have experienced an increase in attempted data breaches in the past year, 24% of those polled have seen attempts increase in volume by more than 25%. Verdict: Not complacent – they recognize that cyber threat is on the increase. Are they investing enough to fight cybercrime? Although 62% of organizations expect cybercrime attack rates to go... [Read More]
Last week alone, a New York hospital, a US car washing business and a UK online retailer all suffered headline-making data breaches. There is no fool-proof cybersecurity defence, so businesses of all sizes need to consider not only how they can prevent breaches but also determine what they will do should the worst happen. Additional losses are heaped on companies that fail to manage the fallout from a breach well. Poor customer communication, disastrous PR and a slow or ineffective response all damage reputation, lose customers and worry shareholders. Despite this, a new, independent cybersecurity survey we commissioned with independent research and consultancy firm Ovum shows that only 51% of companies surveyed have a tested data breach response plan. Looking across the six countries we surveyed, it’s clear that some are doing better than others, though none had excellent coverage on this question. The Norwegians are top of the class... [Read More]
Cybercrime against businesses and other organizations is undoubtedly a hot topic, with regular news headlines and cautionary tales of those who have been breached. We wanted to understand the changing views from the C-suite about cybercrime, what they have been doing to tackle it and what they plan to do next. To find the answers we engaged research analysts Ovum to carry out an independent research project for us across 6 countries – and the answers are on the way! We want you to join the conversation so we’ll be releasing key statistics from the research in a Tweet Chat on 1st June at 4pm BST / 8 am PDT – please tweet along #cybertrends and join us to find out: The types of organization that are looking to invest in cybersecurity in the coming year. The industries that have been experiencing the biggest increase in attacks. The country where only 41% of... [Read More]
Cyber-attacks are hitting the headlines on a daily basis and a lot of effort goes into both preventing them and dealing with the consequences when they have happened. Understanding the motivation behind attacks can help organisations understand more about the risks they face so that they can tackle them. So why do cyber-attacks happen? 1. For financial gain This is the most likely reason an organization get attacked. Criminals are looking to gain financially in three main ways: Data breaches to feed identity theft. Third-party fraud is fuelled by identity theft, and breached data gives criminals the information they need to take over someone’s identity. In the UK the CIFAS Fraud Scape 2016 highlighted a 49% growth in identity theft over the previous year. Criminal gangs are well-organised and operate on a commercial basis – there is a supply chain, those that steal data are unlikely to be the same criminals... [Read More]
Cybersecurity scoring is similar in many respects to scoring for credit risk. Credit scores are widely used to underwrite loans large and small, and are trusted by both lenders and regulators as reliable, quantitative tools for assessing risk at both the loan level as well as the portfolio level. They enable lenders to price for risk, and have served not only to expand the availability of credit to consumers of all stripes, but also add valuable elasticity to the economy. As with credit scores, the best cybersecurity scoring solutions use empirically derived predictive analytics to profile business systems and the environment they operate in – including inferred behavioral and policy indicators – to derive a score. These scores can tell you how likely your organization is to suffer from a data breach – they provide a forward-looking assessment of an organization’s overall cybersecurity posture. Cybersecurity scoring is a relatively new... [Read More]
Fighting cybercrime is often associated with preventing loss rather than generating a tangible benefit for your organization. However, understanding cybersecurity isn’t only about tackling the negative. If you understand your organization’s cybersecurity posture, you can not only prevent loss but also benefit in at least two ways: 1. Working with customers, partners and prospects. Customers worry about the cybersecurity risk you as a vendor could introduce to them. Tackling this issue can lead to lengthy questionnaires as part of their procurement process. However, with a good understanding of your cybersecurity posture, you have much of what is needed to provide the answers quickly and easily and in a way that is easy to understand. When you can demonstrate good practice and benchmark your cybersecurity posture with your competitors, you gain a competitive advantage. 2. Getting cyber insurance. Cyber-readiness is increasingly a necessity for organizations, but for insurance underwriters, evaluating an organization’s cybersecurity... [Read More]
The 4th Anti-Money-Laundering Directive (4th AMLD) is being enacted in the UK and this has increased regulatory pressure when it comes to tackling money laundering. Falling foul of the regulator has serious repercussions, including large fines, in the tens of millions of pounds for some offenders, loss of reputation and increased regulatory scrutiny. Given the high stakes, it is perhaps not surprising that organizations have looked to off-load any business where they consider there is a possibility that money laundering could happen. This has sometimes led to the closing of accounts or the refusal to open new accounts for groups of customers. Known as de-risking, this may seem an intuitive answer to managing the risk of money laundering, but it is not without its own complexities and risks. The Financial Conduct Authority (FCA) wants to ensure that if banks and other regulated financial organisations do de-risk, it’s in a manner... [Read More]
