In today’s volatile conditions business leaders need to account for many risks. For example, data from a recent survey by the World Economic Forum (WEF) shows that global leaders identify several economic, geopolitical, social and technological risks, with the first five priorities being: Unemployment or Underemployment (1st), Fiscal Crises (2nd), Failure of National Governance (3rd), Energy Price Shock (4th) and Profound Social Instability (5th). Indeed, topics of geopolitical instability, economic risks and terrorism, which was ranked 10th in the survey, have been on the table for some time now. Apart from these risks though, it seems that executives are increasingly worried about cyber risks too, and rank cyberattacks as the number eight risk on a global scale.
This past September, Equifax, the US consumer credit reporting agency, revealed what could be called the biggest data breach ever, as the personal information of 143 million Americans got compromised. Although termed ‘biggest’, the Equifax example is far from the only big data breach of recent years. Apart from big data concerns, there also seem to be real concerns over robotics, which can be hacked to then start spying on the owners, for example. Finally, the ongoing allegations of the US election hacking make it clear that cyber security is also a growing threat to global affairs. Given all that, the worry at both governmental and business levels is unsurprising.
A recent Forbes contribution highlights that for companies cyber risks and cyber security is not just an IT problem anymore, it is rather a business issue. Companies are constantly increasing the number of devices used for business, and with the upcoming wave of automatization, the number of devices and machines vulnerable to hacking is increasing too. Referring to the international reach and cost of recent breaches, the authors argue that it could not be clearer that cyber security is a critical business matter. In addition to possible data theft that Equifax had to deal with, cybercrimes might include market manipulation, disinformation of clients, disruption of processes and so forth. Thereof, there is possibly direct impact on customers, and hence businesses as a whole. Naturally, a business issue also requires an overarching business security framework, which for example considers the business context on a large scale and defines policies and standards on a local scale.
A recent research from Grant Thornton reveals though that in spite of a common threat, businesses around the world approach cybersecurity differently. Before data can be protected, businesses need to recognize the value of the data they hold and identify where the most valuable or vulnerable data sit. The research indicates that this job of risk assignment is done better by businesses in Asia Pacific, Africa and ASEAN, whereas in the West, which has experienced more cyberattacks, seems to be lagging behind. For example, only 54% businesses in the US, 50% in the UK and 40% in France make an explicit effort to assign risk profiles to data, compared to 78% in Thailand, 70% in Malaysia and 61% in China. As Paul Jacobs, cyber security expert at Grant Thornton, said, ‘these figures should serve as a wakeup call to many organizations’. Indeed, cyber security is not a ‘nice to have’ anymore… for global businesses it’s a ‘must have’.