A couple of years ago, I was attending a lecture series organized by SwissRe insurance. In this lecture series, experts from different sectors highlighted challenges faced by the insurance industry from disruptions in the market.
To me particularly interesting was the talk on ‘cyber-security’. It was the topic, I was studying since the time I did research on my ‘Zero Cost MBA’ curriculum and found it one of the disruptive forces for global businesses.
My presenter, A senior executive from SwissRe, Zurich started his talk by narrating an interesting incident.
“A fortune 500 firm, a very senior executive. Everything was going well until his computer was hacked. Some of the important files were made inaccessible and he was asked to pay a hefty ransom to retrieve those files. Failure to comply with the hacker’s request will risk losing them permanently. Consultation with cybersecurity experts did not yield anything to recover those files. Finally, the executive paid for those files.”
The presenter put forward some questions to the audience as he went with his presentation about intellectual property theft, insuring against hackers, measuring the value of such content, etc.
Some of the questions kept on resonating in my mind for a long time. Can any organization provide insurance against such theft? How to measure the damage of such attacks? How much does it cost to safeguard your firm? Does corporate culture has a role to play here? What to do if you are hacked? Is releasing information or any potential attack in public enough to restore credibility? What sort of support system is available at the state level?
A recent Bloomberg Radio interview by AVAST CEO Ondrej Vleck presented the technological side of this entire ecosystem. Later, studying a course offered by MITx helped me to understand the policy side of it.
In my view, challenges related to cyber-security can be categorized into 4 different themes.
Social: The word ‘Behavioral’ sounds better instead of calling social. Technology has taken a center-stage in our lives but a majority of users are not aware of the safe usage of the technology. Not clicking that so tempting e-mail, setting up strong passwords are some of the basic tricks to learn but they are also the most difficult to follow consistently. It requires a change in behavior which is hard to come by for everyone. Where are we right now?
We do have anti-virus software installed in our computer systems, big corporations follow stringent protocols to prevent unauthorized entries, and there has been a lot of awareness to remind citizens about cyber-safety. But all of these efforts still fail short of the requirement in preventing any potential hacking attempt.
Technological & Financial: Safeguarding any digital system will require a dedicated team of IT professionals who have to keep themselves updated with newer technologies. This will increase the expenditure on IT department a lot and not many companies will be in the position to afford it. Even training such a professional will require a specialized curriculum and alternation in the existing law enforcement training methodologies.
Hackers are getting smarter & effective by constantly equipping themselves with the latest technological tools. Law enforcement agencies need to do a catching up game every time something big happens.
Public Policy:As I said earlier, often such attacks are noticed only when a prominent site comes under attack. Often, companies, out of fear of losing their credibility delay releasing information about cyber attacks.
Often such hacking attempts are deliberate to steal government secrets, corporate secrets, personal information, etc. Many of these perpetrators are located outside the jurisdiction of the country, making it difficult to locate and then bring them to justice. The lack of a common framework at the international level is also making it difficult to catch criminals.
Covid 19 made us a digitized society to a very large extent and this trend will continue in the future. The more we become gadget-friendly, the more the risk of losing something. As a business strategist, I feel this could be one of the factors in SWOT Analysis for any business in the coming years.
What is your take on it? Do your current business practices take cyber-security protocol into account?
1) Swissnex India
2) Instructors of the MITx course “Cybersecurity for Critical Urban Infrastructures”, delivered through edX.org
3) Ondrej Vlcek, CEO, Avast
5) Swiss Re (insurance company)