Could cyber security underpin future business prosperity? writes Jude McCorry, pictured, CEO of the Scottish Business Resilience Centre (SBRC).
With a fallout of the COVID-19 pandemic meaning that almost every part of our everyday lives has been digitalised, it has also sparked a rapid acceleration in the number and complexity of cyber incidents. Indeed, 2020 was marked as the busiest year on record for cyber attacks against UK firms, as reported by specialist internet service provider, Beaming.
Overseas, the US government hailed the cyber security crisis as “one of the most serious economic and national security challenges we face as a nation” and, closer to home, Police Scotland has upped its response with the opening of a National Centre of Excellence.
Proactive risk assessment has always been a fundamental part of any business, and over the last ten years many organisations have become more accustomed to operating in constant anticipation of a possible attack.
However, as threats persist and become more frequent, protecting businesses from online attacks has become a critical management issue affecting all organisations. Realistically, it’s no longer a question for businesses of if they’ll face a cyber attack, but when it will happen.
In a survey SBRC conducted with more than 250 Scottish businesses, organisations echoed the global concerns around cyber security: almost 60 per cent reported that online resilience has become more important to them over the last year.
While the pandemic has bolstered the number of organisations adopting secure practices, a rise in the importance of online resilience isn’t unusual.
Perhaps more surprising though, is that the same survey showed Scottish businesses are transitioning from viewing the adoption of cyber security measures purely as a form of damage control and risk management. We found that almost half of businesses now engage with cyber security training to maximise new business opportunities.
A shift towards a business-driven cyber security model is a hugely positive step in the fight against online attacks. As an understanding of digital security increasingly becomes part of common conscience, it is becoming progressively more common for stringent cyber security protocols to be included as a condition of custom. We’re already seeing the knock-on effects of this, with over 35pc of our survey respondents saying they had missed out on new or existing business because they didn’t have adequate online safeguarding measures in place. The very nature of a cyber attack means it affects every part of the business supply chain, and so it is right that organisations at all levels take an active interest in the practices employed by those they work with.
Including cyber security as a key part of business development marks a move from a ‘prepare for the worst’ approach, and instead will ingrain the practice into every aspect of company life. We’ve seen this logic reflected in take up for schemes like Cyber Essentials, a UK Government certification programme which helps to guard an organisation against cyber-attack. Schemes like this have been particularly popular for those who operate in the public sector, where a certification in cyber security is increasingly becoming a requirement for most Government contracts.
With calls from the National Cyber Security Centre (NCSC) to prepare for a new era of increasingly sophisticated cyber attacks, the adoption of best cyber practices as a means of business development marks an important shift in protecting organisations against ever-increasing threats. Certification schemes like Cyber Essentials will likely become progressively more important as businesses strive to assure clients and service users, and organisations must take note.