How Important Is Cyber Security? Essential or Merely Critical?
Imagine if in 2018 your business had to absorb an unexpected $7.91 million charge. That was the average per-company cost of a data breach in the U.S. (globally, it was $3.86 million—IBM and Ponemon Institute’s Cost of a Data Breach 2018 study). Those numbers may seem quaint in 2020 when the average data breach costs U.S. companies more than $150 million (Juniper).
Juniper Research estimates 2019 cyber crime costs will exceed $2 trillion, a four-fold increase from just four years prior (The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation, a Juniper Research report). That collective financial cost is expected to more than double to $5 trillion in 2020 (Cyber Defense Magazine).
As eye-popping as these numbers are, Deloitte suggests they are dwarfed by the real costs imposed by harder-to-quantify factors such as reputational harm, loss of market share, etc. These ‘hidden’ costs run to 90 percent of the total business impact, and typically aren’t fully felt until two years or more after the event. (Beneath the Surface of a Cyberattack: A Deeper Look at the Business Impacts, a Deloitte Advisory.)
Beyond financial damages, cyber attacks cause truly incalculable harm by disrupting or ruining personal lives, professional careers, and business relationships. And their physical impacts may be enormous—just think of downed power grids or scrambled medical data—as when powerful nation-states or state-sponsored bad actors wage full-scale cyber war.
Regulations such as HIPAA and the EU’s General Data Protection Regulation (GDPR, implemented in 2018) compel organizations to take serious cyber security precautions or else incur heavy fines. Many of these regulations force organizations to safeguard the personal data they hold; slip up in this arena and you’ll face lasting public outrage and mistrust, which in itself causes economic harm.
The cyber crime industry holds all the best cards, giving hackers and other bad actors everything they need to thrive indefinitely: Expertise, financing, readily available readymade tools, strong financial and political incentives, anonymity, and an inextricably interconnected digital landscape rife with vulnerabilities.
There are unshakeable reasons why cyber attacks, as bad as they are now, will only grow more frequent, more intense, and more successful.
We, the Cloud Generation, insist on this environment: In our Cloud Generation, everyone and everything is connected. Information flows freely across various devices, services, and platforms. We demand easy online document sharing, email that’s available on every device, databases accessible from anywhere, and phones you talk to not through. IT services giant Cisco estimates there will be 27+ billion internet-connected devices globally by 2021.
If your business is in the cloud—and it is—your network is exposed and your sensitive data is on someone else’s computer. Think about it. There’s no turning back.
Cyber attack comes with low risk: How many perpetrators of sensational, headline-grabbing breaches have been prosecuted? Cyber criminals aren’t worried about getting arrested, going to jail, or being forced to make restitution. Law enforcement is stepping up its efforts, but in many ways it is ‘outgunned’ and unable to handcuff cyber criminals who operate anonymously—it’s hard to pinpoint a cyber attack’s origins—and offshore.
Cyber crime offers high rewards: The cyber crime industry hit $1.5 trillion in profits in 2018, according to a study commissioned by Bromium and presented at RSA. If profits were GDP, and cyber crime was a country, it would rank 13th in the world—easily surpassing Spain and Australia. Of course, cyber crime is not all about making money: Well-resourced state-sponsored hackers launch cyber attacks as a cheaper, faster, easier, and safer method of waging war.
Bad actors are constantly innovating: It’s an article of cyber security faith that you can’t stop at stopping only known threats. Well-funded and highly skilled hackers continually create new malware and methods that expose and exploit chinks in your organization’s armor. Threat intelligence networks, artificial intelligence, machine learning—you need it all to predict and detect emerging cyber threats.
The barrier to entry is low: Bad actors don’t need to be technologically advanced to get started; they just pick up cheap hacking tools on the dark web. Cyber crime is now a commercialized industry and just about anyone is able to access the resources necessary to engage in ransomware, cryptomining, and more.
Not long ago, most cyber security professionals believed the right firewall, antivirus package, and encryption tools were enough to keep their companies’ data, devices, technologies, and systems safe from cyber attack and breaches.
But in today’s increasingly dangerous digital world, you have to extend cyber security to the ever-expanding mix of devices, connections, networks, and hosted apps that power your business. And that requires an integrated approach that ensures your technologies, services, and threat intelligence work as one. Cobbled-together collections of isolated point products, no matter how good they are, can’t protect your organization—cyber criminals just have too many ways in.
You have to build your defense on an integrated security framework—at Symantec, we call this our Integrated Cyber Defense Platform—woven from technologies and platform foundations that spread across every control point.