What Is There To Be Done About It?
Addressing cybersecurity successfully will be predicated on a significant psychological shift in thinking. A shift to thinking first and foremost about prevention, not cure. As cybersecurity expert Hans Holmer described it to me the other day “…by externalizing the responsibility associated with cybersecurity, those who are vulnerable willfully ignore the fact that their security essentially boils down to just what they are happy to let the intruders/thieves/hackers… do”.
There are many different ways nefarious intruders can be slowed down, the impact minimized, and the cost reduced. But it all has to be done with front-end protection. Think of it as akin to donning a crash helmet before riding a motorcycle.
All a Matter of Incentive
In my view, the real key to success is incentivizing people to establish cybersecurity and to maintain it effectively. The difficulty lies in determining just what that incentive should be. Protection of property and essential services is a universal need, but urgency is still lacking.
The graph above shows the average cost of cyber crime across countries. According to Statista, as of 2016, the average cost of a cyber crime in the United States (SPY) is the highest by far at a whopping $17.4 million. The average cost of cyber crime in Japan (EWJ) is $8.36 million. And as the graph suggests, cyber crime costs are rising.
So it’s important to take steps to prevent cyber crimes in the first place. The first step is to explain to employees that it’s cheaper to spend money on security rather than cleaning up after the attack. Companies should also deputize employees, since security is everyone’s job, by giving them the necessary authority.