We all know cyber-security is big business. As organizations digitally transform and put more of their front- and back-office processes online, they are, in turn, creating an increased attack surface for hackers to target.
We are seeing this played out in perpetual breaches of websites and customer databases, such as the recent British Airways case in which personal and financial details of 380,000 customers were exposed. We also see the exposure of back-office systems and processes, putting an organisation’s operations at risk. This was evident in the impact of last year’s NotPetya ransomware attack which reportedly cost pharmaceutical giant Merck & Co. in the region of $670 million, and could cost shipping company Maersk up to $300 million in losses.
Attacks such as these are becoming more regular and more disruptive, and this upward trend has created huge spending requirements as enterprise level boards have opened their eyes to the challenges now facing them. A recent article by Financial Times suggests that two-thirds of companies will raise their budgets for cyber security by at least 5% over the next year in response to increasing data breaches. And while SMEs are just as vulnerable, they tend to be less aware of their security requirements. As larger businesses harden their own protection, however, they will begin to push their own security requirements down the supply chain – an area clearly vulnerable to attack. Greater security provisions are therefore likely to increase throughout the chain.
None of this has gone unnoticed by investors, and the current environment has opened up a number of opportunities for cyber-security start-ups looking for investor funding.
Addressing the skills shortage
Due to the current shortage of qualified cybersecurity professionals, managed security services provide significant value for both SMEs and larger businesses.
Additionally, there will be opportunity in overcoming these shortages, such as automating the repetitive elements of threat monitoring and allowing human experts to focus their time more effectively on creatively addressing any cyber-security incidents that occur
As this comment by Fortinet outlines, as criminals increasingly deploy automation to increase the pace of threats, automating the response is essential to keeping businesses safe.
From boardroom to shop floor
Cyber-security today is a boardroom issue; CEOs can – and do – lose their jobs over poor security provisions.
Given the increased complexity of threats, there is a real need to make them visible not only to the CIO and their team, but also to CEOs and all at board level. There will be a large market for services which support an organisation’s CISO in describing and analysing threats, and then presenting them to their board.
Keeping employees cyber-safe
Finally, as employee negligence is one of the main causes of data breaches, more needs to be done to remove the risks attached to user behaviour. Current training will typically try to minimise the likelihood of users responding to phishing attacks by encouraging them to actively monitor their own behaviour, using methods such as teaching basic password hygiene.
In order to gain access, hackers only need one user across a network to fail to respond properly, so this training approach is high risk. Instead there is a demand for systems which actively warn users of potential risks, or limit their ability to input their details online. Cyber-security start-up Garrison, for example, which raised $12 million in a Series A funding round in March 2017, creates a secure browsing environment that isolates users’ machines from compromising material.
As long as hacks and data breaches continue to make the headlines, and businesses continue to invest in preventative measures, cyber-security technology, particularly businesses that address the issues outlined above, will continue to appeal to investors.
This article was originally published in SC Magazine.
Credit: SC Magazine, Financial Times, PWC
© De Angelis & Associates 2019. All rights reserved.