Cyber-attacks are becoming increasingly sophisticated and are affecting nearly 90 per cent of large organisations around the world. According to speakers at a panel discussion, organised by ICAEW’s Corporate Finance Faculty in the UAE, the most effective organisations at safeguarding their assets are those that continually gather intelligence on new cyber threats emerging in their industries. They also proactively investigate breaches and review their overall risk management plans regularly.
At the meeting on January 24, ICAEW members and guests discussed the threat of cyber-attacks on organisations.
Panellists included Patrick MacGloin, Middle East Cyber Risk and Privacy Leader at PwC; Nick O’Connell, Partner, Technology, Media and Telecommunications at Al Tamimi and Company; Darren Mullins, Director, Forensic Technology at Deloitte Corporate Finance; Simon Dodsworth, SVP, Mena Regional Head, Financial and Professional Risks at Marsh; and Ben Downton, Principal Consultant at MWR InfoSecurity and Control Risks. The discussion was moderated by David Petrie, Head of Corporate Finance at ICAEW.
“The digital age, which brought the world ever closer to trade, innovation and accountability, has also brought new and dangerous cyber threats – these are unseen, intangible and largely unmeasured,” said Mayor of London, Alderman The Lord Mountevans.
“Cyber-attacks don’t recognise borders and cost businesses as much as £400 billion every single year. In order to fight cyber-attacks, cyber-security has to be globally ambitious and must work internationally with all parties.”
Panellists agreed that there is no easy solution to respond to cyber-attacks; they are becoming more focused, innovative and global. Cyber-risk is a business risk that must be managed within an overall information and risk-management framework.
Michael Armstrong, FCA and ICAEW Regional Director for the Middle East, Africa and South Asia, said: “The fight against cybercrime has created a market for cyber-security practitioners, which is expected to grow from $75 billion in 2015 to $170 billion by 2020. Cyber-security criminals are more sophisticated, bold and resilient than ever. Understanding your risk profile is essential for protecting your business. Organisations must know the assets that need protection from cyber-attacks and the various threats that might hit their business.”
Speakers agreed that among the simple measures businesses can take are:
- Identifying where the value lies in what their business is doing
- Knowing the weak points of the business
- Understanding to whom data is given
- Understanding what needs to be done to mitigate risks
- Asking if they have a plan in place for cyber-attacks
Regarding mergers and acquisitions, panelists encouraged advisors to keep their communications as simple as possible and minimise the number of people involved in each deal. They also suggested protecting communications, the devices used, and implement cyber-security assessment with each M&A deal.
David Petrie said “No organisation or transaction is immune to the challenges posed by cyber security. As with any risk, the key to effective management is identifying and understanding the threats, level of the risks involved and putting in place security measures that are appropriate and proportionate to address them”
Speakers debated the benefits of stimulating attacks as part of a business’ cyber-security strategy. While some speakers recommended running such attacks to evaluate the level of response of the cyber-security systems, other speakers were anxious about the negative effects such attacks could have on businesses.