Clearly, then, rising costs are not simply a temporary issue that we must get through. We must instead carefully plan for how we will deal with increased costs on a permanent basis.
One apparent measure is to look at ways your organization can cut costs. For better or worse, the most likely targets will be parts of the business that don’t contribute to a direct return on investment. However, before you start slashing budgets, you should consider the full effects of your decisions.
Take cyber security for example. It’s already notoriously underfunded, with IT teams and other decision-makers being forced to make do with limited resources.
According to a Kaspersky report, a quarter of UK companies admit underfunding cyber security even though 82% of respondents have suffered data breaches.
The risk of cyber security incidents is even higher in the summer months when staff holidays mean that cyber security resources are even more stretched than usual.
What’s at stake?
The global cost of cybercrime is predicted to reach $10.5 trillion (£8.8 trillion) in the next three years, more than triple the $3 trillion (£2.5 trillion) cost in 2015.
We’ve reached record numbers of phishing attacks, with the Anti-Phishing Working Group detecting more than one million bogus emails last quarter. Meanwhile, there were more ransomware attacks in the first quarter of 2022 than there were in the whole of 2021.
These are worrying signs for organizations, and an economic downturn will only make cyber criminals more determined to make money – especially as they know their targets are focusing on cutting costs.
But it’s not just the immediate costs associated with cyber-attacks and disruption that organizations should be worried about. There are also long-term effects, whether that’s lingering operational disruption, reputational damage, or regulatory action.
Consider the ongoing problems that British Airways faced after it suffered a cyber attack in 2018. It took the airline more than two months to detect the breach, creating enduring difficulties and ultimately resulting in a £20 million fine.
The ICO (Information Commissioner’s Office), which investigated the incident, found that British Airways was processing a significant amount of personal data without adequate security measures in place, and had it addressed those vulnerabilities, it would have prevented the attack.
There were several measures that British Airways could have used to mitigate or prevent the damage, including:
- Applying access controls to applications, data, and tools to ensure individuals could only access information relevant to their job;
- Performing penetration tests to spot weaknesses; and
- Implementing multi-factor authentication.
In addition to the fine, British Airways settled a class action from as many as 16,000 claimants. The amount of the settlement remains confidential, but the cost of the payout was estimated to be as much as £2,000 per person.
Remarkably, the penalty and the class action represent a case of strikingly good fortune for British Airways. Had it come earlier, it would have been at the height of the COVID-19 pandemic when airlines were severely affected and were it any later, it would have come during a period of massive inflation.
It’s a lesson that other organizations must take to heart. The GDPR is being actively enforced throughout the EU and UK, so organizations must ensure compliance.
Failure to do so will result in unforeseen costs at a time when every precaution must be taken to reduce costs.
Invest today, secure tomorrow
It’s long been accepted that it’s a matter of ‘when’ rather than ‘if’ you will suffer a cyber attack. When you do, you’ll have to invest heavily in security solutions on top of having to pay remediation costs.
In times of uncertainty, you need your services to be as reliable as possible. The challenges your organization will face in the coming months as a result of falling consumer confidence are enough to deal with without having to contend with cybercrime and its inevitable fallout.
Investing in effective cyber security measures will enable your organization to make the most of its opportunities in straightened circumstances.
We want to help our customers get the most from their cyber security training this year.
Contact us for more about the training in cyber security and internship.
Don’t let the recession put your organization at greater risk: make the most of your cyber security investments with SEALCUBE.