That is the message from business advisers at PwC. As cyber risks continually evolvie, companies should create and develop their cyber risk strategies through a focus on innovation and technology.
The warning comes as the latest Information Security Breaches Survey 2014, commissioned by the Department for Business, Innovation and Skills and carried out by PwC, reveals the scale and cost of cyber security breaches has almost doubled in the last year.
Although organisations are experiencing fewer breaches overall, the severity and impact of attacks has increased, with the average cost of an organisation’s worst breach rising significantly for the third consecutive year.
For private equity backed businesses, the potential impact of cyber security breaches can be even more damaging.
Steve Kentish, private equity leader at PwC in Milton Keynes and the South Midlands, said: “Cyber security threats are universal to all, whether you are talking about protecting corporate IP or managing the risks to both your professional and private life.
And cyber security is not just about technology and computers. People, information, systems, processes, culture and physical surroundings are all involved and businesses need to realise this to make sure they are moving confidently towards their digital future.
“Combatting this risk is of particular importance to private equity backed companies. Given the dynamic nature of the risk, private equity backed companies need to be reviewing threats and vulnerabilities on a regular basis.
“If a breach happens, a business can experience a rapid loss of value, whether due to a loss of valuable IP or reputational damage as a result of the breach. However, with proper planning and appropriate investment, these risks can be avoided.”
Chris Wight, cyber security partner at PwC in Milton Keynes and the South Midlands, added: “Addressing the cyber security risk involves more than just installing an anti-virus solution or a firewall. Organisations should look at the people and process side of information security as well, rather than just focusing on the technical side.
“Companies need to identify their most valuable information assets – ones that if stolen, compromised or used inappropriately, could have severe impact either as financial loss or reputational damage or, in some cases, could significantly disrupt operations or even threaten a company’s very existence.”
Every organisation needs a cyber security strategy or plan, he added, devised by senior management so that information security risks to critical corporate information are appropriately identified and managed.
“This would then help organisations understand their security capabilities to ensure that the right resources – technical, physical, processes and human capital – are in place to safeguard them against cyber threats,” said Mr Wight.
