In this high-tech century, news about hackers breaking into corporate information systems is not surprising anymore. Rather, it has become a common administrative issue for businesses and requires special attention from the board of directors, since cyber-security breaches can result in significant business losses if not handled properly. This blog post will review the recent findings from the World Economic Forum and McKinsey and provide the approaches that company leaders can follow to reduce cyber risks.
According to the recent report from the World Economic Forum and McKinsey, cyber-attackers’ sophistication outpaces the increasing defenders’ abilities, despite tens of billions of dollars being spent annually on IT security. Among the 200 global business organizations being surveyed, only 5% have reached the mature level of cyber risk management, and none have reached the robust level yet. If companies remain passive in their defense against cyber-attacks, the global economy could potentially lose as much as $3 trillion over the next 5 years.
Recently, we have seen an increasing rate in the number of companies falling victim to cyber-attacks. Target’s earning fell more than 40% in the quarter following its data breach over a year ago. Similarly, Ebay’s sales took a hit in the year its payment transaction system was attacked. There are a few things that companies can do to avoid losses from cyber-attacks. First, companies should routinely test their systems. Most data breaches come from malicious software, which can be identified and eliminated through routine system checks. Second, an internal audit must be required to ensure that employees are not sharing information with others. Chief Financial Officers and Chief Security Officers should also work collaboratively to create security policies and provide employees with financial incentives to protect the company’s private data. Moreover, companies should evaluate outsourcing carefully. When companies give rights to accessing data to third parties, there are potential risks that the data will be shared with others, and therefore companies should fully evaluate the risks and benefits of outsourcing.
In all, cyber-attacks have become so pervasive that companies need to devote significant resources to protect their assets and information. In order to avoid losses in productivity and growth, companies need to implement intensive IT and administrative governance. To learn about the impact of cyber-attacks on global business, check out the globalEDGE newsletter!