The only long range certainty for businesses appears to be that cybercrime will increase both in cost to combat and damages to global business. With a jaw-dropping quadrupling of cybercrime cost from 2013 to 2015 (according to Juniper research) and a subsequently predicted quadrupling factor from 2015 to2019 to $2.1 trillion globally, there seems to be no inflection point in sight.
So, how does a business plan for this, or better yet avoid the trend? Certainly the prophetic direction given by Albert Einstein, “we cannot solve our problems with the same thinking we used when we created them”, becomes an imperative. Regardless of the type of diagram, how you hold your head, or squint your eyes, what we are currently doing has not stopped the growth of cybercrime.
We cannot solve our problems with the same thinking we used when we created them. – Albert Einstein
Has technology failed us? No, absolutely not. Our technology has never been better. However, as Schneier tells us, “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” The unabated growth of cyber loss is being caused by a lack of operational and educational focus on employees and corporate culture. According to The Verizon Report, people accounted for nearly 90% of all security incidents in 2015.
Regardless of the fatuous articles of “removing the human element,” human interfaces can become far more effective, and affective, in preventing security breaches through adopting a business approach that expands security from an IT control to operational risk management and compliance.
Creating a secure business is not about replacing part of your business with security functions, it’s about adopting security as part of your business operations, as you do any other business function, and it is certainly not about believing that technology is capable of outflanking the human imagination.
We believe the key to being secure is the joining of the technical aspects of cyber security with the people and processes (operations) to create a complete strategy that goes beyond the traditional IT controls and is inclusive of operational risk management and compliance.
As so often happens, the hardest part, adapting our business culture, has been saved for last, but with 2,100,000,000,000 benefits to our future, we believe the time to change our thinking is now.
– Gary Merry, CEO