Cyber crime is big business. Attacks can come from opportunists, commercial rivals, terrorist groups, bored teenagers, organised crime and nation states.
The goal could be anything from online vandalism to data theft or destabilisation. Faced with such threats, a new industry has emerged promising an array of state-of-the-art systems to keep your data and commercial infrastructure safe. Indeed, a recent cyber conference hosted over 3,000 exhibitors – all claiming to provide the security that modern businesses should seek.
It can be a bewildering landscape, which might explain why a quarter of European companies are completely unprepared for a cyber-attack, according to global law firm DLA Piper. The warning comes as the World Energy Council releases a major report on cyber security today, highlighting a massive increase in cyber attacks on energy companies.
Read more: Cyber attack fears push up hack insurance
The WEC's secretary general, Christoph Frei, says “what makes cyber threats so dangerous is that they can go unnoticed until the real damage is done”. Consultancy NCC Group, whose chief executive Rob Cotton addressed business leaders at the Institute of Directors annual convention earlier this week, says that it takes an average of 120 days for an organisation to find out that it's been compromised.
One expert has even suggested that a majority of FTSE100 companies will likely have suffered some kind of breach that they simply don't yet know about. One of the most alarming developments is the use of artificial intelligence as a feature of sophisticated attacks. It's believed that the first AI attack on a major bank was identified and defeated in recent months.
City A.M. understands that the attack was probably carried out by a nation state and was designed not to steal, but to cause irreparable damage to public trust in the institution. What can be done to strengthen the UK's collective resilience? Seventy seven per cent of company directors surveyed by NCC Group now want watchdogs to take a tougher stance on companies with insufficient security measures.
It's also essential that the issue moves from being the preserve of the IT department to a board-level consideration with executive oversight. One thing’s for sure: the threat level is unlikely to diminish.