- The globally-coordinated ransomware attack on 12 May 2017 has spotlighted the urgent need for a change in organisations’ thinking about cybersecurity
- Organisations are over-confident in their ability to withstand a cyberattack as many underestimate the resulting long-term damage to the organisation and its reputation
- BDO advises that Board members and leadership need to raise their gaze and their game
In a new white paper published today, BDO’s global cybersecurity leadership group urges organisations of all sizes to take a proactive approach to cyber defence. They advise that executive Boards need to raise their gaze and their game, immerse themselves in the cyber issue and allocate sufficient resources to ensure effective management of cyber risks, because the severity, nature and extent of cyber threats are so great that they can only really be addressed at Board level.
In the BDO white paper’s accompanying video it is made clear that cyber security has become a legal obligation. When a company’s network is breached, recent regulations, such as the European Union’s General Data Protection Regulation, mean that the consequences can include sanctions. Having assessed the impact of landmark data breaches over the past decade, states and national governments have stepped in with rules that, going forward, will require organisations to announce data breaches and make it compulsory for them to take concrete measures.
A survey by Oxford University (1) analysing US and EU companies put the potential data breach cost at US$1.5 million for companies with 5,000+ employees. For SMEs, another report estimated a breach cost of US$36,000, factoring in loss of business opportunities (2).
Jason Gottschalk, partner and expert in cybersecurity at BDO UK explains, “Due diligence processes in cybersecurity are complex. How do you measure cyber readiness? With an ISO standard? It is a daunting task to quantify parameters such as the probability of cyberattack and preparedness. Companies aren’t used to assessing cyber resilience.”
Organisations need to prove to stakeholders that they pay more than lip-service to cybersecurity. They must develop a higher state of readiness to deal with cybersecurity incidents, ultimately replacing their security approach to online crime with a cyber defence approach.
Cyber defence is a new doctrine which is finding uptake with governments and corporations worldwide. Cyber defence lifts the thinking about cybersecurity to a new and higher level, involving all departments of a business. It embraces proactive threat-deterrent tactics, that is, a proactive approach intended to discourage cybercrime.
Danny Solomon, head of International Consulting at BDO Israel’s cybersecurity centre: “Some companies view cybersecurity as a blanket term - a one-size-fits-all solution. What they often miss is establishing a risk assessment process that clearly identifies where their organisation would suffer a major loss in case of a breach and working outwards from there. There is also a lack of role-based security features that take a specific employee’s position and access level into account.”
At BDO, our global cyber security leadership group offers several proprietary models for supporting organisations in developing and improving their resilience posture. From establishing compliance and building a proactive approach, through the ongoing development of capabilities and effective security risk management, we work with our clients to quickly attain higher levels of maturity and resilience.
BDO has been steadily developing its cybersecurity value proposition over the last year, with BDO firms in Israel and the Netherlands, among others, acquiring leading cybersecurity advisory firms. These acquisitions enable BDO clients to be rapidly connected with skilled security operators based at centrally located, dedicated monitoring and security operations centres.
(1) GCI/Oxford University, 2017