Big business, not regulation, needs to drive cybersecurity
Cybersecurity presents a huge challenge for business both technologically and monetarily. It's no surprise that Chief Executives and Chief Finance Officers routinely cite cybersecurity as a growing concern, exacerbated by the rapid rise in big data.
Big data can equal big problems
Big data is transforming the way business operates. Companies can now collect, analyse and use big data to predict customer purchase patterns,enabling a company to tailor the customer experience to maximise revenue.
However, this data can also be immensely valuable to criminals, who can use it to steal money or identity and because it is digital the data can be replicated over and over – potentially before the company even knows it has been accessed illegally.
Lack of security
Insufficient security can lead to data breaches, which are increasingly damaging to a company’s reputation and can cost millions in revenue and future potential customers.
Individuals are ever more aware of the value of their personal information and will be far less likely to do business with a company that has suffered a data breach.
Regulation is out-paced
The pace of technology presents a challenge for government and authorities. The time it takes laws to be passed brings the very real possibility that regulation in the field will be out of date before they are even signed.
The role of business
Big business can play an important role in raising standards of cybersecurity through the supply chain. Criminals will look to target the weakest link in the chain, and because of resources this will often – but not always – be the smaller companies.
Larger businesses can use their resources and expertise to help the smaller ones improve their cybersecurity and protect the entire chain.
Insurance isn't the only solution
The birth of the cybersecurity insurance market highlights the reality of the risk. But there is not enough information for underwriters to be able to set appropriate premiums and while take up is relatively low there will inevitably be a higher loading of premiums.
However it is definitely something that business should consider, alongside other defences. Don’t leave your doors unlocked just because you’ve got theft insurance.
Cybersecurity and regulation in summary
Cybersecurity is a fast moving field - change is faster than most legislatures could hope to keep up with
Business must learn to protect itself
Existing principles of consumer protection and business regulation can and should be adapted to respond to the new threat
Governments and other authorities have a role to play in disseminating best practice and guidance
The most effective use of public funds is raising of knowledge of businesses about the best options for defence and preparedness
Development of certification and assurance regimes for business are valuable tool.