Weaknesses are exploited and incidents go undetected. Fraudsters hide behind real and digital borders and their crimes are often victimless, making it easier to rationalise.
Companies are fully dependent on technology. Whether the focus of a cyber-attack is on data theft, unauthorised fund transfers, hiding losses or disrupting systems, the stakes have never been higher. A study by Protiviti, a global business and risk consultancy firm, noted cyber-security as a top-priority risk at board level for well-managed companies. But boards need to better understand their exposure and establish a risk appetite that prioritises those they can accept and those to be avoided.
Even with increasing investment, breach response rates are still too long and traditional cyber-risk management approaches are not working. Companies continue to play catch-up with tech-savvy fraudsters. While maturing technologies exist to help organisations respond, Protiviti’s cyber-security study revealed only 28 per cent of organisations have adopted them. Companies are still trying to get the basics right and cost is often a barrier.
In the fight against fraud, companies will need to accept a degree of inconvenience. However, if they are honest about risks they can live with and prioritise the risks they are not willing to accept, solutions can be implemented to minimise this inconvenience.
Jonathan Wyatt is global leader of Managing the Business of IT at Protiviti
+44 20 7024 7522