Cyber risk: why it matters and how to develop resilience

Cyber security is often seen as a remote, nebulous problem, yet the impact of recent events lies firmly in the real-world. We asked Ed Parsons from information security specialists, MWR Infosecurity, to give his perspective.

In February this year, Verizon Communications Inc. announced a reduction in the price it will pay to acquire Yahoo’s operating business by $350 million, following a number of cyber incidents exposing over half a billion customer records. Many organisations could soon face similarly large penalties for failing to protect data: under the European General Data Protection Regulation (GDPR) from May 2018, companies that fail to comply with statutory obligations could face fines of up to 4% of global annual turnover.

The risk is not new, although threats have increased in scale and sophistication. Despite spending more than ever on security, data breaches and system outages continue. Analysis of these incidents suggests organisations are failing to effectively prevent or even detect attacks. Arguably we are reaching a state of ‘breach fatigue’, where the number of incidents, the incomprehensible amount of exposed data – and perhaps media focus itself – has led businesses and their customers to view cyber-attacks as an inevitability. With such a bleak picture it’s little wonder security wonks are telling their superiors to ‘assume compromise’.