Director of Finance Magazine Winter 2017/18

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

SPECIAL REPORT | Cyber Security E

very business has something – be it digitally- managed money, customer data or a popular social

media account – that cyber criminals are interested in getting their hands on. When CIOs and CISOs gather at conferences around the world, the cliché has become that it is “not if, but when” your business will be breached. Financial losses reaching into the billions fill television bulletins and column inches with increasing regularity. So why do so many businesses underestimate cyber attacks? A recent study by Lockton found that many organisations are overconfident in their defences and underestimate what the report’s authors called the “seismic aſtershocks” of a cyber attack. Half of the firms surveyed said they were confident they could be up and running within 48 hours of an incident. In reality, it is oſten months or even years before businesses are fully operational again. “The fact that so few businesses are

aware of the aſtershocks caused by a cyber attack is concerning,” said Peter Erceg, senior vice president of global cyber and technology at Lockton. “It can take several months, if not years, to become entirely operational again aſter a large-scale breach – and for some firms a full recovery may be bridge too far. UK businesses are currently unprepared for the seismic waves that can decimate an organisation caught unaware.” But while companies are focused on the initial incident – the outages that hinder their operations and the theſt of valuable intellectual property, for example – they are failing to recognise that large parts of the cost of any particular cyber incident can come in the aſtermath. For example, 72% of businesses know

they can lose revenue aſter a breach and 69% recognise that they can lose data, but only a third think about the cost of any resulting forensic investigation and only 36% factor in the time spent reviewing their policies aſterwards. Just 52% of firms consider lost customers when they calculate the potential consequences of an incident. Yet this can be a significant factor – aſter its 2015 data breach, which affected 157,000 people, TalkTalk estimated that it lost 95,000 subscribers as a result. Regulatory fines, factored in by 46%

dofonline.co.uk

AFTERSHOCKS OF AN ATTACK CAN BE DEVASTATING

It can take several months, if not years, to become entirely operational again after a large-scale breach and for some firms a

full recovery may be bridge too far... BY MATT SMITH

of businesses, are another potentially costly exclusion. TalkTalk was fined a record £400,000 by the Information Commissioner’s Office following its breach, but from May 2018 firms could face fines of up to €20 million (£18 million) or 4% of their global turnover under the European Union’s new General Data Protection Regulation. These “invisible costs”, as the report’s

authors called them, present huge – in some cases even crippling – financial repercussions for breached businesses. They are also likely to be worse for those who were the least prepared, making firms’ overconfidence in their defences all the more worrying. But, although it could be argued that cyber crime presents a greater financial

risk than any other threat facing modern businesses, only half of UK companies involve their boards in cyber security planning. Security experts recommend that senior leaders from all parts of the business are involved in security strategy, and not doing so could prove disastrous in the event of a major cyber incident. “Effective cyber breach planning must involve stakeholders from across the business,” Erceg said. “This is no longer the purview of a few IT specialists. The shockwaves of cyber attacks are too damaging and too prevalent for businesses to not make it one of the biggest risks they face. Today, we should all be considering when, not if, an attack will happen and protecting ourselves from the risk.” n

DIRECTOR OF FINANCE 15

IMAGE SERGEY NIVENS/ADOBE STOCK

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46 | Page 47 | Page 48 | Page 49 | Page 50 | Page 51 | Page 52