Cyber-security in the cost-of-living crisis

Jamie Akhtar at CyberSmart talks to Business Reporter about how businesses should continue to prioritise keeping cyber-safe, even during an economic downturn

• With the impending recession, businesses have to be mindful of expenses. How can they make the most of limited cyber-security budgets? Are there any areas that should be prioritised?

In recent months, we have seen how the incoming recession is squeezing budgets across all industries and business sizes. Nevertheless, those that will be hardest hit are the SMEs, which already have to make do with a tight budget. As difficult as it might be to hear, one simply cannot afford not to set aside a budget for cyber-security.

The guiding principle for any business looking to cut cyber-security costs is to try to cut as little as possible. Although it may seem like an easy way to save costs, it could very easily come back to haunt your business. The number of successful cyber-attacks tends to increase during economic downturns, at least in part because businesses cut far more than should.

Having said that, if push comes to shove, we would advise that the following key areas are prioritised: ensuring the business has anti-virus software, firewalls, VPNs (if employees are working remotely), properly secured networks and routers, data backups and cyber-insurance.

A framework should be adopted where the security essentials are not compromised. The government’s Cyber Essentials scheme is a great place to look for this; it will guide you through the minimum security tools/controls you need to have in place for adequate protection.

• Do you anticipate that the cost-of-living crisis will have an impact on the cyber-threat landscape?

Absolutely. In times like this, emotions are running high; people are stressed, scared, desperate, and this creates fertile ground for cyber-criminals. As mentioned before, it is also when most of us let our guard down on security while shifting our focus to other pressing concerns.

Moreover, we must not forget that cyber-criminal organisations are just as vulnerable to economic pressures as legitimate organisations are, and will likely feel compelled to ramp up their money-making efforts as a result.

In this climate, we can expect to see an influx of phishing scams and other social engineering ploys to manipulate people into taking actions against their best interest. This strategy is highly cost efficient for bad actors as they can send out campaigns widely at low-cost, boosting the probability of success. Of course, these social engineering attempts can also serve as an entry point for another tactic we’re likely to see more of - ransomware.

• Some businesses may be considering cutting down on their cyber insurance policy to save costs. Are they making the wrong move?

 This is a tricky one. In recent years, cyber-insurance premiums have risen astronomically as companies submit many more claims, and insurance firms, consequently, face significant losses. Despite these premium increases, GlobalData’s 2022 UK SME Insurance Survey found that around 44% of SMEs continued to have the same level of cover or they saw a decline. It’s no wonder then you’re considering cutting down on your cyber-insurance policy.

That said, while we wouldn’t go so far to say it’s a wrong move, it isn’t ideal considering it offers a vital last line of defence. At the end of the day, this is down to each individual business to decide for themselves.

In order to make the best decision for you, a thorough cost-benefit analysis should be conducted. You need to be honest about your security posture, assess the risks you face, and whether you can withstand the aftermath of a cyber-attack without the support provided by insurance.

Aside from that, what really needs to happen is a reformation of the insurance industry from utilising a ‘risk transfer’ model to one where good cyber-hygiene is treated as a condition for securing insurance.

As part of this, insurers and the businesses in question, should have complete visibility of their people, processes and technology as it relates to security. In having this visibility and ensuring minimum standards are met, premiums can be reduced to an affordable amount and cyber-risk can be better managed overall.

Jamie Akhtar is CEO and Co-Founder of CyberSmart

Main image courtesy of iStockPhoto.com