In case you haven’t noticed, the European Institutions (as well as the UK Government and those on the other side of the pond) have been ramping up their digital agendas in recent months, each seeking to instil the importance of cyber security in citizens and businesses alike.
It’s all about raising cyber security awareness, but essentially the message is this: companies must understand their systems and data, and must take a proportionate, risk-based approach to keeping them secure. They must build resilient networks and communications systems, and protect our critical infrastructures. As the threats against this landscape continue to increase, there is a corresponding decline in consumer trust, so what is important is to demonstrate you have the ability and agility to counter those threats and show you are committed to data and cyber security. Ultimately that will build trust.
Raising cyber security awareness has no doubt been assisted somewhat by the recent “Snowden revelations” but it is very easy to get distracted by all the sensationalist headlines. Despite what goes on in the law enforcement and intelligence worlds, we shouldn’t lose sight of the importance of building trust and building a strong and resilient digital economy.
This week in Germany the 2nd Cyber Security Summit took place, with a notable keynote speech given by Neelie Kroes (the Vice President of the European Commission, Digital Agenda) about how to make Europe the world’s safest online environment. A copy of the speech is available here.
Ms Kroes highlighted three trends that have appeared in the digital age. Firstly, the recognition that the online world provides us all with huge benefits – let’s face it, we all use and rely on technologies every minute of every day. But with these benefits comes the second trend: risks. Cyber attacks, data loss, identity theft – the list goes on.
The third trend then is that these risks ultimately lead to significant costs (both in terms of mitigating risk and dealing with the problems that risks result in). Indeed, Ms Kroes points out the frequency of data security breaches suffered each year and says that the resulting costs (particularly for major incidents) “could amount to over a quarter of a trillion dollars”.
That, I’m sure, isn’t an exaggeration. The UK Information Commissioner can fine companies up to £500,000, and businesses must be shuddering at the thought of the €100m / 5% annual worldwide turnover (AWWT) fines that are proposed under the latest draft of the EU Data Protection Regulation. But that is just the fines themselves; what about all the other stuff? The reality is that there are all sorts of other expenses such as outlays for detection of breaches, escalation, notification, after-event mitigation, containment and response, not to mention legal and other professional fees.
But with all that in mind, let’s also go back to Neelie Kroes’ “first trend” and think about all the benefits the digital world can offer. Let’s make sure we can reap those benefits by building effective cyber defences into our business strategies. That’s going to involve some investment, but it’s also going to provide a level of protection against many of the significant costs associated with a security incident. And perhaps most importantly of all, demonstrating you are ahead of the game will help build trust, a vital commodity in today’s digital world.