We’ve all been feeling the effects of inflation recently. Prices rose by 8.2% in the twelve months to June 2022, with the largest increases being seen in electricity, gas and transport prices.
Meanwhile, the cost of renting commercial property continues to rise, despite the decreased demand for office space amid the uptick in remote work.
It should be obvious why costs are on the rise; substantial disruption remains related to COVID-19, Russia’s invasion of Ukraine has disrupted supply chains and interest rates have been raised several times this year.
The Bank of England says that the causes of rising inflation are not likely to last, but it has warned that the prices of certain things may never come down.
Clearly, then, rising costs are not simply a temporary issue that we must get through. We must instead carefully plan for how we will deal with increased costs on a permanent basis.
One apparent measure is to look at ways your organisation can cut costs. For better or worse, the most likely targets will be parts of the business that don’t contribute to a direct return on investment.
However, before you start slashing budgets, you should consider the full effects of your decisions.
Take cyber security for example. It’s already notoriously underfunded, with IT teams and other decision makers being forced to make do with limited resources.
According to a Kaspersky report, a quarter of UK companies admit underfunding cyber security even though 82% of respondents have suffered data breaches.
The risk of cyber security incidents is even higher in the summer months, when staff holidays mean that cyber security resources are even more stretched than usual.
What’s at stake?
The global cost of cyber crime is predicted to reach $10.5 trillion (£8.8 trillion) in the next three years, more than triple the $3 trillion (£2.5 trillion) cost in 2015.
We’ve reached record numbers of phishing attacks, with the Anti-Phishing Working Group detecting more than one million bogus emails last quarter. Meanwhile, there were more ransomware attacks in the first quarter of 2022 than there were in the whole of 2021.
These are worrying signs for organisations, and an economic downturn will only make cyber criminals more determined to make money – especially as they know their targets are focusing on cutting costs.
But it’s not just the immediate costs associated with cyber attacks and disruption that organisations should be worried about. There are also long-term effects, whether that’s lingering operational disruption, reputational damage or regulatory action.
Consider the ongoing problems that British Airways faced after it suffered a cyber attack in 2018. It took the airline more than two months to detect the breach, creating enduring difficulties and ultimately resulting in a £20 million fine.
The ICO (Information Commissioner’s Office), which investigated the incident, found that British Airways was processing a significant amount of personal data without adequate security measures in place, and had it addressed those vulnerabilities, it would have prevented the attack.
There were several measures that British Airways could have used to mitigate or prevent the damage, including:
- Applying access controls to applications, data and tools to ensure individuals could only access information relevant to their job;
- Performing penetration tests to spot weaknesses; and
- Implementing multi-factor authentication.
In addition to the fine, British Airways settled a class action from as many as 16,000 claimants. The amount of the settlement remains confidential, but the cost of the payout was estimated to be as much as £2,000 per person.
Remarkably, the penalty and the class action represent a case of strikingly good fortune for British Airways. Had it come earlier, it would have been at the height of the COVID-19 pandemic when airlines were severely affected, and were it any later, it would have come during a period of massive inflation.
It’s a lesson that other organisations must take to heart. The GDPR is being actively enforced throughout the EU and UK, so organisations must ensure compliance.
Failure to do so will result in unforeseen costs at a time when every precaution must be taken to reduce costs.
Invest today, secure tomorrow
It’s long been accepted that it’s a matter of ‘when’ rather than ‘if’ you will suffer a cyber attack. When you do, you’ll have to invest heavily in security solutions on top of having to paying remediation costs.
In times of uncertainty, you need your services to be as reliable as possible. The challenges your organisation will face in the coming months as a result of falling consumer confidence are enough to deal with without having to contend with cyber crime and its inevitable fallout.
Investing in effective cyber security measures will enable your organisation to make the most of its opportunities in straightened circumstances.
You can find out how you can bolster your organisation’s defences quickly and efficiently with IT Governance’s range of training courses.
We want to help our customers get the most from their cyber security training this August.
Book any classroom, Live Online or self-paced training course before the end of this month and automatically receive:
- A free Cyber Security for Executive Management Self-Paced Online Training Course; and
- A free 1-year licence for the Cyber Resilience Staff Awareness E-learning Suite.
Don’t let the recession put your organisation at greater risk: make the most of your cyber security investments with IT Governance.