Cybersecurity is now a C-level concern
The audacity of cyber attacks on businesses, financial institutions, and other organizations has been increasing in recent years, but it reached new levels in 2016 with the largest bank heist in history ($81 million stolen from the Bank of Bangladesh), a major denial of service attack on a US internet service provider linked to the “Internet of Things”, and the damaging hacks of emails in the US presidential elections. These events make previous noteworthy attacks (remember the Sony emails in 2014?) seem almost quaint.
Experts say we can expect more cyber attacks from a variety of bad actors going forward. They include criminal organizations and nation-states, as well as activists, insiders, and unwitting accomplices. But at the same time, it’s clear that governments and businesses are making cyber defense a higher priority. The UK Chancellor, Philip Hammond, just launched a new National Cyber Security Strategy. In the US, the SEC has been stepping up pressure on financial services providers, as well as publicly traded companies to increase security.
At the corporate level, we have seen a trend toward the appointments of Chief Information Security Officers (CISOs) at the C-Suite level. Some organizations have also appointed Board of Director-level committees to review and oversee cybersecurity. Of course, large organizations with deep resources can and must provide this level of protection. But what about small to medium-sized businesses who lack the internal resources to protect themselves and want to focus on their core plans for growth? Is outsourcing the answer?
There is a large and growing market for outsourced cybersecurity solutions – at least 300 firms and counting. Many of these are simply off-the-shelf software packages – one-size-fits-all. They may offer some measure of protection, but as noted, cyber criminals are upping their games. Can these solutions keep pace? More reassuring are managed service offerings from experienced security providers with global footprints. The best of this breed offers 24/7/365 monitoring, constant threat updating, and immediate remediation in the event of an attack. A side-benefit is that round-the-clock managed cybersecurity greatly minimizes the number of false alarms that can drive internal IT staff crazy.
It is estimated that middle-market businesses in the US represent the 5th largest economy in the world. They should be a huge benefactor of this cybersecurity trend.