Cyber risks

Cybersecurity is the main short-term risk of digitalisation


  • The risks of a cyberattack are not new, but the accelerated pace of digitalisation has increased the probability of such incidents
  • Governments, such as those in the US, the UK and the EU, are responding by introducing new cybersecurity regulations
  • Complete security cannot be achieved so the focus must be on building cyber resilience

Russia’s invasion of Ukraine has highlighted the imminent risk of cyberwarfare, but the vulnerability of digital networks has existed irrespective of geopolitical tensions. In 2022 we expect regulators to focus on framing tighter security standards and regulations to improve preparedness. Businesses will continue to focus on cyber threats as one of the key risks in the short to medium term. 

The vulnerability of digital ecosystems has been known for a while. It was in 1968 that the Pentagon’s Defense Science Board Task Force on Computer Security said that “contemporary technology cannot provide a secure system in an open environment.” Several incidents of data breaches, espionage and data theft have since been reported across the world. Ransomware attacks, which are among the most common forms of cyber threats, have since become more sophisticated in nature and increased in number.

Microsoft (US) reported a surge in ransomware incidents encountered by its enterprise customers from about 40m at the start of 2018 to a little above 100m in 2021. In particular, it reported a spike in ransomware incidents in the early months of the pandemic in 2020, underlining the correlation between cyber attacks and digitalisation. Over the past year, cyber attacks have affected crucial national infrastructure as well as big technology companies.

In 2020 US IT firm SolarWinds fell prey to a cyber incident that compromised the security of its clients, including several US government agencies. In 2021, one of Apple’s blueprints for an unreleased product was at risk of being leaked; Colonial Pipeline made headlines that year after a cyber attack disrupted operations at the oil pipeline company for a week. As more devices are added to the digital world, they provide even more entry points for potential cyber attacks. According to CB Insights, a US-based research firm, the cost of cybercrimes is forecast to increase from about US$6trn in 2021 to US$10trn by 2025.

Governments are tightening cybersecurity regulations

In light of the increasing risk from cyber attacks, regulators across the globe are adopting a two-pronged approach to address this threat:

  • Allocating funds to improve cyber resilience
  • Introducing security standards and reporting mandates

Both the US and UK governments have shown their willingness to increase spending on mitigating cyber threats in the past few years. For example, in December 2021 the UK government announced a £2.6bn (US$3.4bn) investment in its cyber and legacy IT systems as part of the National Cyber Strategy. In early 2022 US president Joe Biden signed into law the omnibus spending bill that included, among other things, a US$2.6 billion (up by US$500m year on year) budget for the Cybersecurity and Infrastructure Security Agency (CISA).

In addition to diverting funds, government agencies are also busy fine-tuning security frameworks and setting reporting mandates. For instance, the US Department of Defence will require every organisation it works with to comply with its revised cybersecurity guidelines; the deadline is 2026. Under the newly passed Strengthening American Cybersecurity Act, companies operating in the critical infrastructure space will be required to report an incident to the authorities within 72 hours.

Meanwhile, the European Commission is also finalising the terms of a revised version of its Network and Information Security directive. In December 2021 the Commission proposed widening the scope of industries covered. The directive earlier covered the financial services, transport and healthcare sectors but now also includes public administration services, telecoms service providers and firms operating in the medical devices and pharmaceuticals segments.

Cybersecurity remains a major risk

With businesses often prime targets of cyber attacks, they will be investing heavily in improving security going forward. Companies recognise the need to invest in cyber preparedness and this explains why cybersecurity budgets are as important as investments in cloud computing and artificial intelligence.

Cybersecurity is a priority for businesses

In 2021 Bank of America announced that it spent about US$1bn on cybersecurity, up from US$400m in 2010. Jamie Dimon, CEO of JP Morgan Chase, identified cybersecurity as one of the biggest threats to the US financial system back in 2019. In fact, cybersecurity budgets in the US financial sector have been increasing, especially as the US Federal Reserve has tightened regulations requiring banks to report a cyber incident to the regulator and customers within 36 hours. 

Cybersecurity threats will thus continue to be an ongoing risk for government and corporate entities. It is going to be incredibly difficult (perhaps even impossible) to completely avoid an incident. What can be done instead is to invest in building cyber resilience, both to ensure minimal disruption in the event of an attack and to mitigate risks so that recovery after an incident is faster.