BSI urges businesses to achieve information resilience as cyber risk heightens

27 March 2019 

  • All organizations responsible for their own data security
  • Cost and risk of cybercrime escalating globally

In today’s quickly evolving cyber landscape, organizations must achieve a state of information resilience* in order to safeguard not only their data but also their people, their finances and their reputation.

That was the overriding message at the inaugural BSI International Cyber Resilience Exchange, which took place yesterday (26 March) at The Convention Centre, Dublin.

The Exchange, which featured some of the world’s foremost cyber-intelligence experts, gave an audience of Irish and international business leaders an opportunity to understand how to protect their organizations’ information against the threat of cyber-attack.

Achieving Information Resilience

Delegates heard that corporate best practice has moved beyond the ability to respond to security incidents to properly securing and protecting data assets in the first place. According to BSI, it is the responsibility of organizations – and their senior executives – to ensure information systems are available and secure at all times.

“We live and work in a world that relies almost completely on digital information,” said Michael Bailey, Director at BSI. “As we generate and store information to help us run our lives and businesses, cyber criminals are using ever more sophisticated techniques to exploit that data for their own gain.

“Achieving a state of information resilience does not need to be complicated but it does need to involve the entire business, from senior management right down to entry level employees,” said BSI’s Michael Bailey. “Through testing, training, awareness and other information security-minded practices, organizations can ensure they are ready for the unexpected, at all times.”

As the risk of data theft escalates – globally, cybercrime was the second most reported crime in 2016 – so the cost of securing information has also risen. In 2018, organizations worldwide spent €82 billion on information security products and services; by 2021, cybercrime damage costs are expected to reach €5.1 trillion.

The cost of cybercrime was addressed by New York Times bestselling author and renowned cybercrime investigative journalist Brian Krebs, whose presentation focussed on raising the cost of cybercrime.

Raising the Cost of Cybercrime

“The reality is that data breaches are a daily occurrence,” Mr Krebs told the audience at yesterday’s event. “Everywhere you look, there are companies building their business models around collecting data and almost everyone has a problem keeping that data confidential.

“Virtually all aspects of cybersecurity come down to economic decisions and that applies to both attackers and defenders,” said Mr Krebs. “We need to explore how we can make cybercrime more expensive and less profitable for attackers, and less costly for organizations when they get breached.”

“It’s definitely a case of when not if,” said Mr Krebs. “Robust cybersecurity should start with an assumption that you are going to get targeted. That mindset can give you a head start.”

Securing the future

Also on yesterday’s programme was a panel discussion exploring the topic of ‘Securing the future’, featuring Sian John MBE, Microsoft’s Chief Security Advisor, and Dr Jessica Barker, an expert in the human nature of cybersecurity, who were joined by Stephen O’Boyle, Global Head of Professional Services at BSI Cybersecurity and Information Resilience, and Conor Hogan, Senior Manager Information Governance at BSI Cybersecurity and Information Resilience.

The discussion focussed strongly on the importance of integrating cyber and information security within the core business operation rather than as an ‘add-on’ that is seen as separate to the business.

The panel agreed that data security is an essential contributor to an organization’s wider productivity. In this sense, a greater emphasis on technology and security at Board level can accelerate the organization’s journey towards information resilience.

The introduction of GDPR was cited as a good example of how Board engagement can spread awareness of critical security issues. However, the panel also agreed that regulators must come down hard on non-compliance with GDPR in order for the new privacy regulations to be embraced at all levels within organizations.

C-suite audience

Almost 250 delegates attended the BSI International Cyber Resilience Exchange, with a large proportion of C-suite executives including CEOs, CISOs and CTOs representing more than 30 different business sectors including aerospace, food, healthcare and construction.

BSI provides a range of solutions to help organizations address their information challenges covering cybersecurity, information management and privacy, security awareness, compliance and testing. For more information visit bsigroup.com/cyber-ie

 

ENDS

 

Note to Editors:

* Information resilience is a state where an organization or its clients can access their information securely and at exactly the moment they need it, with its integrity assured, regardless of the threats that exist.

Cybercrime statistics can be found here: €82 billion = $93 billion in worldwide spending projected on information security products and services in 2018; €5.1 trillion = $6 trillion in annual cybercrime damage costs expected by 2021 (ref. page 8 of BSI report).