Global cyber-attack threats stand at the highest ever recorded level, jumping 14 percent from 2012 to 2013 (Cisco 2014 Annual Security Report). Furthermore, a recent Microsoft Security Intelligence Report found that operating system infection rates in the GCC countries were almost twice the worldwide average, with up to 13 computers out of every 1,000 being infected.
The general lack of cybercrime disclosure has made measuring the financial impact of cyber breaches challenging. Reporting of cyber attacks remain low as companies fear significant financial losses that might be incurred in litigation resulting from security breaches. Yet the US and Europe are set to take a tougher stance on cybercrime disclosure as information sharing becomes a vital component of creating a more robust cyber security strategy.
As cybercrime continues to evolve and develop, businesses need to ensure they combine effective technology, proactive strategy and qualified and diligent staff to best protect against cyber attacks.
- Governance: Cyber attacks require an integrated and cross-functional incident response involving IT Security, Communications, Business and Legal representatives and strong project management.
- Forensic Analysis: Businesses need to consider engaging independent forensic experts to investigate, evaluate and report on any perceived intrusion.
- In-House Training: Test and improve the incident response function by training IT, legal, audit and risk management teams – ensuring key personnel are familiar with the issues faced and can anticipate the legal and technical risks arising from an attack.
- Contracts: Organisations should understand their contractual and legal reporting requirements.
- Cyber-insurance: Insurance is an important tool for businesses in managing and transferring risk. It is anticipated that businesses in the Middle East will begin to invest in cyber-insurance as awareness of cyber vulnerability increases.