The Strategic Risk of Cybercrime: Prevention Deserves the Highest Priority
15 Jul
As featured in IT Pro Portal, Information Age, Data IQ Online, and Network Security
By Matthew Eddolls, Co-Founder and Director
The threat of cybercrime continues to evolve and grow as criminals adapt to new security measures and exploit changes in our online behavior. The only constant is our vulnerability: whatever new steps are taken, by companies or individuals, the criminals always seem to stay one step ahead.
This isn’t an even contest. Hacking and online fraud are difficult to combat because so much of it originates from multiple overseas jurisdictions.
- In 2015, 25% of large firms and around 15% of smaller businesses reported network penetration by unauthorized outsiders. Additionally, 90% of large firms experienced a security breach of some sort, with a median of 14 breaches. These figures represent only detected incidents; the true numbers are likely far higher.
- Many companies are turning to cyber insurance to mitigate risks, but defining liability in a breach is often complicated, making coverage uncertain. Moreover, insurance does little to curb the growth of cybercrime; it merely shifts the financial burden.
Challenges of regulation and technology
The EU’s General Data Protection Regulation (GDPR) places responsibility for protecting personal data on businesses of all sizes, including hosted service providers. While it increases breach notifications and imposes larger fines on guilty parties, it is unlikely to reduce cybercrime significantly. Instead, heightened enforcement might drive criminals toward softer targets.
Emerging technologies such as advanced encryption, two-factor authentication, and password managers can improve defenses against current threats. However, as these technologies become widespread, cybercriminals often pivot to exploit new vulnerabilities, repeating familiar patterns. To stay ahead of these criminals, businesses must rethink their strategies.
Business leaders must take the lead
Cybercrime poses a significant threat to all organizations, regardless of size or type. Unfortunately, many businesses are underprepared:
- Only 37% of companies have a cyber incident response plan, according to PwC’s Global Economic Crime Survey.
- Fewer than 50% of board members have ever requested information about their organization’s cyber readiness.
- As of 2015, 32% of organizations had never conducted a security risk assessment.
This lack of awareness and governance exposes businesses to significant risk. Technology is integral to nearly all business operations, and the interconnected nature of these systems makes sensitive data and intellectual property accessible to cybercriminals. A single breach can result in replicated and widely distributed data, with long-term consequences that may threaten business viability.
A strategic approach to cybersecurity
Cybercrime is a serious strategic risk, and prevention and mitigation deserve the highest priority. Unfortunately, many business leaders mistakenly view cybersecurity as an IT issue rather than a company-wide responsibility. This reflects a fundamental misunderstanding of the threat, which is closely tied to user behavior.
Effective risk management for cybersecurity should follow the same principles as managing any other strategic threat:
- Understand vulnerabilities: Identify what makes your organization an attractive target and pinpoint key vulnerabilities.
- Assign responsibility: Break down tasks and assign them to the right individuals, ensuring senior-level visibility.
- Monitor and audit: Continuously test and audit all measures to ensure their effectiveness.
Ultimately, businesses must embed cybersecurity into all their processes. While this won’t stop cyberattacks, it can minimize losses and improve resilience.
The changing landscape of cybercrime
Cybercrime has become hugely profitable for organized criminals, spurring constant innovation and change in attack methods. One recent trend is the rise of sophisticated malware toolkits that require minimal technical expertise. Criminal masterminds can license these tools to others in exchange for a share of the proceeds.
With hacked personal data readily available in online marketplaces, cybercriminals have proliferated. The borderless nature of the internet allows perpetrators to focus on the easiest, most lucrative targets, often overwhelming crime-fighting agencies.
Frequently Asked Questions (FAQs)
1. Why is cybercrime a strategic risk for businesses?
Cybercrime poses a significant threat to sensitive data, intellectual property, and business viability. Breaches can result in financial losses, reputational damage, and regulatory penalties, making cybersecurity a critical aspect of risk management.
2. What role do business leaders play in cybersecurity?
Business leaders must recognize that cybersecurity is not solely an IT issue but a company-wide responsibility. They should ensure that risk management processes are in place, assign clear responsibilities, and regularly monitor and audit defenses.
3. What are the key steps to managing cybersecurity risks?
Key steps include identifying vulnerabilities, assigning responsibilities, monitoring actions, auditing defenses, and embedding cybersecurity into all business processes.
4. What makes organizations attractive targets for cybercriminals?
Factors such as valuable data, weak security measures, and untrained employees make organizations attractive targets. Cybercriminals prioritize ease of access and potential financial rewards.
5. Can cyber insurance fully mitigate the risks of a breach?
Cyber insurance can help offset financial losses but does not address the root causes of cybercrime or reduce its occurrence. Liability and coverage disputes can also complicate claims.
By addressing these questions, organizations can better understand the evolving risks and take proactive steps to protect themselves from cybercrime.
About Matt Eddolls
Matt is a co-founder and Commercial Director at CoreStream GRC. With 15 years of experience in risk system implementations at Deloitte and Accenture, Matt brings a strong background in guiding institutions through large-scale risk transformation programs. Since co-founding CoreStream GRC in 2004, he has been driven by his commitment to ensuring projects stay on budget and deliver real business value. Outside of work, Matt enjoys photography, racing on the track, and spending time with his wife and daughter.