BDO promotes the need for proactive cyber defence
- The globally-coordinated ransomware attack on 12 May 2017 has spotlighted the urgent need for a change in organizations’ thinking about cybersecurity
- Organizations are over-confident in their ability to withstand a cyberattack as many underestimate the resulting long-term damage to the organization and its reputation
- BDO advises that Board members and leadership need to raise their gaze and their game
BDO’s global cybersecurity leadership group urges organisations of all sizes to take a proactive approach to cyber defence. They advise that executive Boards need to raise their gaze and their game, immerse themselves in the cyber issue and allocate sufficient resources to ensure effective management of cyber risks, because the severity, nature and extent of cyber threats are so great that they can only really be addressed at Board level.
It is made clear that cyber security has become a legal obligation. When a company’s network is breached, recent regulations, such as the European Union’s General Data Protection Regulation, mean that consequences can include sanctions. Having assessed the impact of landmark data breaches over the past decade, states and national governments have stepped in and, going forward, will require organisations to announce data breaches, making it compulsory for organisations to take concrete measures.
A survey by Oxford University analysing US and EU companies put the potential data breach cost at US$1.5 million for companies with 5,000+ employees. For SMEs, another report estimated a breach cost of US$36,000, factoring in loss of business opportunities.
Jason Gottschalk, partner and expert in cybersecurity at BDO UK, explains, “Due diligence processes in cybersecurity are complex. How do you measure cyber readiness? With an ISO standard? It is a daunting task to quantify parameters such as the probability of cyberattack and preparedness. Companies aren’t used to assessing cyber resilience.”
Organisations need to prove to stakeholders that they pay more than lip service to cybersecurity. They must develop a higher state of readiness to deal with cybersecurity incidents, ultimately replacing their security approach to online crime with a cyber defence approach.
Cyber defence is a new doctrine which is finding uptake with governments and corporations worldwide. Cyber defence lifts the thinking about cybersecurity to a new and higher level, involving all departments of a business. It embraces proactive threat-deterrence tactics, implying a proactive approach to discouraging cybercrime.
At BDO, our global cyber security leadership group offers several proprietary models for supporting organisations in developing and improving their resilience posture. From establishing compliance and building a proactive approach, through the ongoing development of capabilities and effective security risk management, we work with our clients to quickly attain higher levels of maturity and resilience.
BDO has been steadily developing our cybersecurity value proposition in the last year, acquiring leading cybersecurity advisory firms that enable BDO clients to be rapidly connected with skilled security operators based at centrally located, dedicated monitoring and security operations centres.