Posted on November 27, 2020 by Rob May
2020 has been both inconveniently disruptive and brilliantly transformative. No one was prepared for what Covid-19 really meant; the forced deployment of working from home drove rapid changes alongside what was already a testing backdrop of political impact and Brexit uncertainty.
As a result, I am increasingly engaged in conversations about what this means from a technology and CyberSecurity perspective. What must organisations do to drive sustainable growth and to continue a journey of digital transformation?
I had been pondering these thoughts when serendipitously I was invited to attend a Microsoft event at which they shared a thought-provoking piece of work completed in conjunction with the Department for Innovation at Goldsmiths, University of London. Their project has been titled Creating a blueprint for UK competitiveness.
The report is a fascinating thought leadership piece on the various elements that contribute to UK prosperity and competitiveness (and let’s face it, right now we need all the advantages we can get in the competitiveness stakes).
The blueprint looks at how we do this: what we need to do to transform our organisations and how we can drive sustainable growth.
Our rapid move to work from home (and the obvious long-term resultant work from anywhere) has increased the security threat surface, and we need to be openly discussing this and increasing risk management within our organisations. According to the World Economic Forum, cyberattacks and data fraud are the number 3 most worrisome COVID-related business concern, based on the perceptions of 350 of the world’s top risk professionals.
An interesting part of the Microsoft research echoes much of what I speak about with regards to CyberSecurity and highlights seven key points/statistics:
⚠ 41% of UK leaders say their organisation has been the target of a cyber security attack in the past five years.
This 41% are the organisations who are openly aware of the targeting. The reality is that all organisations are constantly being targeted and if you do not think that you are then you are not facing facts.
⚠ 19% of UK leaders surveyed say their organisation has been harmed by a cyber security attack in the past five years.
Harm from an attack comes in many forms, some obvious (cases where businesses do not recover at all), others less so. Reputational damage can be hard to determine but it is very real. Also consider the impact in both cost and productivity if you lost data, platforms, or systems for what can be days, weeks or months depending on the organisation’s preparedness for an inevitable attack.
⚠ 74% of UK leaders surveyed say that they know what to do in the event of a cyber security attack.
Of all the stats in the report this is the one I find hardest to uphold. Since GDPR was first introduced I’ve been running training sessions on CyberSecurity responsibilities for the board, and my experience across all sectors and all organisation sizes makes me think that this is not a realistic statistic. Endpoints have become an ever-increasing target but threats remain hard to detect. Organisations can deploy solutions to help prevent breaches, including integrated platforms that secure every touchpoint, from the cloud right down to the endpoint.
⚠ 18% of UK leaders surveyed say they do not know what to do in the event of a cyber security attack.
Following on from the previous point, my belief is that this number should be higher. This is an important fact and business leaders really need to own this and get a proper understanding. The reality is that this is the board’s responsibility and under law that responsibility cannot be outsourced. The old days of blaming it on the IT department or on a third-party IT provider are long gone.
⚠ A third (34%) of UK employees do not know if their organisation is well prepared to combat cyber-security threats.
Microsoft’s recent Digital Defense Report noted that in 2019 the organisation blocked over 13 billion malicious and suspicious mails. The hostile cyber landscape in which we all operate cannot be avoided and it is vital that ownership for this is driven from the top of the organisation and regularly discussed.
⚠ More than a third (37%) of UK employees surveyed said they do not know what to do in the event of a CyberSecurity attack.
Having a clear, easily accessible (and tested!) CyberSecurity Response Plan is vital. Hesitation, confusion and/or inaction in the event of an attack can cost an organisation dearly. From a compliance perspective this should be in place anyway, but from an ongoing productivity perspective in the event of an attack it is vital.
⚠ 19% of UK employees surveyed said they are unsure whether they know what to do in the event of a CyberSecurity attack.
The GDPR (and post-Brexit GDPR UK) mandates CyberSecurity education for all stakeholders in an organisation. The law doesn’t define frequency, but an understanding of human learning and information retention tells us that it is imperative that we regularly train our people (at every level) to ensure that there is a clear and easily understood response.
It is not a question of Cyber Security; it’s a question of Cyber Resilience. Security by design does not just apply to products and systems; it needs to be part of the culture and the people within all organisations.
As we move into 2021 still plagued by Covid, our collective competitiveness and resilience will be put to the test like never before: competitiveness to stay afloat, remain relevant and, ultimately, thrive and grow. As part of this, UK businesses must take CyberSecurity and Risk Management seriously, acknowledging the accelerated need for protecting data, virtual assets, the needs of remote working and handling risks.
Technology is a huge enabler in our productivity and competitiveness, but it must always be used wisely. To quote the Microsoft UK report, “We may be at a crossroads, but there is only one right road ahead.”
Written in paid partnership with Microsoft UK.