Linked inTwitterFacebookSubscribe to Halcyon Headlines Feed

Halcyon monitors and analyses key markets, competitors, clients, issues, trends and hot topics. Please contact us to discuss how our insights can help you create value.

Please follow Halcyon's 52:52:52 campaign on Twitter, to keep up with the latest trends on 52 key personal, organisational and societal issues and 52 responses over the next 52 weeks.

Part consultancy, part thinktank, part social enterprise, Halcyon helps you prepare for and respond to personal, organisational and societal change.

Please see Halcyon's unique reporting on the United Nations Sustainable Development Goals (SDGs) and contact us to discuss how we can help you contribute to/create value from the SDGs.

What Happened? - Cybersecurity

blog image

Please see below selected recent external intelligence about cybersecurity. This is a synthesis of major recent developments at corporates, business schools, thinktanks, media, commentators, and other key influencers.

     

    October 2016

    Source: World Economic Forum

     

    July-August-September 2016

     

    • Cybersecurity is the number one technology issue in the C-suite and boardroom.
      Many senior executives are asking what they can be doing to stem the tide of cyber-attacks on their firms. The Economist Intelligence Unit, sponsored by Oracle, surveyed a global panel of senior executives with responsibility for cyber-security in their organisations. While virtually all of the companies reported net increases in cyber breaches, the research identified a subset that had succeeded in reducing their rate of growth by more than half over a two-year period.
    • Deloitte's ‘Changing the game on cyber risk’ claimed to offer specific strategies to address cyber risk more comprehensively.
      As the digital landscape continues to grow more complex, and cyber criminals become more sophisticated, business leaders (not just IT), across industries, are growing more anxious. They wonder how their organisation would respond in the face of a cyberattack. They question whether they’re sufficiently anticipating and preparing for a future attack. They want to know how well their organisation could absorb and recover from an attack, how well their most important digital assets are protected.
    • Deloitte also released Beneath the surface of a cyberattack: A deeper look at business impacts, a risk-based report outlining the depth and duration of cyber incidents in financial terms. Although cybersecurity is one of the most urgent issues of our time, the resulting impact of a cyber incident is still largely unproven. Recognising the need of business leaders to have clarity around the enterprise-wide effect of such events.
    • EY's Investigation and Dispute Services launched a defence and remediation tool named Radar 360 in order to defend financial loss disruption and breach of confidential data due to malware attack from cyber criminals.
    • The cybersecurity industry is in the midst of a deals boom as private equity buyers hunt for cash-generating companies and smaller start-ups get snapped up for their technology or in-demand security engineers. The total number of exits in the cyber security industry - the vast majority of which are deals - rose by a third from 2014 to 2015, according to PrivCo, the private company research firm. In the first quarter of 2016, notable deals in the industry increased by 50 per cent from eight to 12, the firm said.
    • PwC’s Game of Threats™ – an interactive cyber breach simulation for senior executives – has launched in the UK. The head-to-head digital card game pits teams of attackers against defenders and is designed to simulate the experience that leadership teams could realistically face in the midst of a cyber-attack. With nearly three quarters of CEOs regarding cybersecurity as one of the top three risks to their organisations, along with over-regulation and geopolitical uncertainty, it’s clear that increasing cyber threats and the number of recent public breaches is moving cyber security up the list of top business priorities. But if systems were breached and time was ticking, would boards and leadership teams be ready to respond?

     

    Selected further recent developments:
     

     

     

    June 2016

     

    • Although cybersecurity is one of the most urgent issues of our time, the resulting impact of a cyber incident is still largely unproven. Recognising the need of business leaders to have clarity around the enterprise-wide effect of such events, Deloitte Advisory released 'Beneath the surface of a cyberattack: A deeper look at business impacts,' a risk-based report outlining the depth and duration of cyber incidents in financial terms.

     

    • EY's Investigation and Dispute Services launched a defence and remediation tool named Radar 360 in order to defend financial loss disruption and breach of confidential data due to malware attack from cyber criminals.

     

     

    • Cybersecurity is the number one technology issue in the C-suite and boardroom. No wonder that many senior executives are asking what they can be doing to stem the tide of cyber-attacks on their firms. The Economist Intelligence Unit, sponsored by Oracle, surveyed a global panel of senior executives with responsibility for cyber-security in their organisations.  While virtually all of the companies reported net increases in cyber-breaches, the research identified a subset that had succeeded in reducing their rate of growth by more than half (from 21.1% to 9.8%, or a 53% reduction) over a two year period. 

     

     

     

     

     

     

     

     

    May 2016

     

     

     

     

     

    April 2016

     

     

     

     

    • Accenture is expanding its global security presence by opening a cyber centre in Bangalore, India. The new state-of-the-art facility uniquely brings together interdisciplinary capabilities, ranging from the innovation, incubation and development of new solutions to strategic consulting and transformation, and the managed delivery of a broad range of cyber defence services, enabling clients to tap into the latest strategies and technologies to address their toughest cybersecurity challenges

     

     

     

     

     

     

    • Cybercriminals are no longer solely attacking big corporations but are increasingly turning their attention to smaller firms, it has emerged, sparking fears that there is a new “back door” through which hackers can steal reams of data and cash. Nearly half of the global attacks logged during the course of 2015 were against small companies with fewer than 250 staff, as criminals sought to exploit their digital weaknesses to steal information, bring down websites and send spam. The research by internet security firm Symantec found that over the past four years, small firms have become a more attractive target, especially as larger companies have improved their cybersecurity systems, locking out hackers.

     

     

     

     

     

    March 2016

     

     

     

     

     

     

     

     

     

     

     

     

    • Companies are pushing ahead full force into the Internet of Things, but a new report has revealed a potentially major problem. AT&T's Cybersecurity Insights Report, which included a survey of more than 5,000 enterprises worldwide, found that 85% of enterprises are in the process of or are planning to deploy IoT devices, but only 10% feel confident that they can secure those devices against hackers.

     

     

     

     

    • See also:

     

     

     

     

     

    February 2016

     

     

    • Authored by Dennis Nally, PwC's newest CEO Insights blog post discussed cybercrime as a major threat to businesses according to our Global Economic Crime Survey.

     

     

     

     

     

    January 2016

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    December 2015

     

     

    • In 'Cyber-security: bad and getting worse', The Economist warned that headline-grabbing breaches of computer networks mushroomed in 2015, from Ashley Madison to American government databases. The bill rocketed, probably into the hundreds of billions - a huge wealth transfer from law-abiding victims to cyber-criminals. Most attacks depended on exploiting carelessness with simple trickery, not computer wizardry. The online criminal economy is evolving fast, with crime-as-a-service businesses offering customers technical support and profit-sharing schemes. Though the internet is fundamentally insecure, the means to foil most attacks are readily available: keep data encrypted, on well-designed networks, with access and connections carefully managed—and stay vigilant for anomalies. The biggest vulnerability for managers is people (“carbon-based errors”), not machines. In 2016 politicians, regulators, insurance companies, credit-rating agencies, shareholders, customers, suppliers and employees will demand more care from those entrusted with other people’s data. But change will come only after a lot more pain.

     

     

     

     

     

     

     

     

     

     

    • The era of the large-scale cybersecurity breach looks set to stretch into 2016, with new targets replacing the likes of as US-based Anthem Healthcare, Ashley Madison, a Canadian dating website for married people, and UK telecoms company TalkTalk in the headlines. Hackers have become experts in finding new vulnerabilities to exploit as soon as old holes are closed. In contrast, there has been no great leap forward in cybersecurity defences. Instead, security experts are predicting next year will see criminals abuse new technologies, such as the increasing reliance on mobile payments, and will see cyber attacks centred around political conflicts — from the battle with Isis to the US election.

     

     

     

     

    • In Sydney, Deloitte launched the latest in its global network of cybersecurity centres. The firm has 3500 cyber specialists across 46 countries. Founder James Nunn-Price explained Deloitte’s globally distributed model, “Most organisations have one big security operations centre and they put all their data into that centre and employ people in that area who might be multilingual. Our operation is different as we've realised people who are in the country will know more about what's going on in their country more than those who are not and they will speak the local language, know the local customs, and they will understand themes of the day in that region. Our Asia Pacific centres are now live and strategically located in Japan, Singapore, Malaysia, and India, linking to our new centre in Australia – with HK/China due to come on line next year.”

     

     

     

     

     

     

     

     

     

    November 2015

     

     

     

     

     

     

     

     

    • Recommended PwC cybsersecurity thought leadership:

     

    Secure assets: US CEOs consider
    new cybersecurity approaches
    Managing insider threats

    Key findings from the 2015 US State

    of Cybercrime Survey

    Study and considerations on Information Sharing and Analysis Organizations
    SecureAssets.jpg Managing Insider Threats.png cover Thumbnail.png ISAO.png
    GSISS 2016 key findings : Turnaround and transformation in cybersecurity The convergence of
    everything digital
    Securing the card
    payments infrastructure
    How cloud-enabled cybersecurity will transform your business
    GSISS 2016 thumbnail.png Convergence.png Securing the card payment.png How_Cloud_Enabled_Cybersecurity.png
    Managing cyber risks
    with insurance
    Big Data: Big benefits
    and imperiled privacy

    GSISS 2016
    Industry Snapshots

    10 minutes on the stark
    realities of cybersecurity
    Cyber Insurance.png Big data.png PowerAndUtilities.png 10mins stark.png

    Answering your cybersecurity questions

    The need for continued action

    Economic crime:
    A threat to business globally

    Understanding and preparing for the OCIE cybersecurity exams

    Why you should adopt the
    NIST Cybersecurity Framework
    Answering.png GECS 2014.png OCIE.png NIST Framework.png

     

     

     

     

    • Cybercrime was a hot topic at the October 2015 PwC EMEA FS Conference and Sector Universities.

     

     

     

     

     

    • More than one-third (36%) of global organisations still lack confidence in their ability to detect sophisticated cyber attacks, according to the annual EY’s Global Information Security Survey 2015, 'Creating trust in the digital world'. The survey of 1,755 organisations from 67 countries examined some of the most important cybersecurity issues facing businesses today and found that 88% do not believe their information security structure fully meets their needs. When it comes to IT security budgets, 69% say that their budgets should be increased by up to 50% to align their organisation’s need for protection with its management’s tolerance for risk. The most likely sources of cyber attacks: criminal syndicates (59%), hacktivists (54%) and state-sponsored groups (35%) retained their top rankings. However, compared with last year’s survey, respondents rated these sources as more likely: up from 53%, 46%, and 27%, respectively, in 2014.

     

     

     

     

     

     

    • PwC's recent EMEA FS conference in Barcelona dedicated one of its sessions to the 'Game of Threats'. To inspire executives to invest in the outcomes, Game of Threats engages players with high-intensity action and taps into their natural desire to defend their systems and defeat threat actors that target their companies. Players are divided into teams of 'company and threat actors', with intense competition on both sides, as our participants discovered after playing the game. The game challenges players to make quick, high-impact decisions with minimal information. This high-pressure environment is used by PwC to help executives assess their readiness to respond to a breach and practice striking the right balance between taking action and ensuring that the necessary cybersecurity resources are available and properly used.

     

     

     

    October 2015

     

     

     

     

     

     

     

     

     

     

     

     

    • A key cybersecurity partner of EY, US-based iSIGHT, is expanding its Australian presence. It plans to double its Australian headcount (of 10) within six months, after opening its first office in September. iSIGHT will be hiring for research, analytical, sales support and channel management roles. ISIGHT’s intelligence products can be integrated with third party offerings and the firm says it is currently tracking over 70,000 ‘threat actors’ in 17 languages using “signals intelligence, open-source intelligence collection and feet on the street”.

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    September 2015

     

     

     

     

     

     

    • Deloitte has "absorbed" Oracle-specialist cyber risk consulting firm Qubit and its 22 employees, with its founders becoming Deloitte partners as of October 1st. Qubit was founded in 2005 and last financial year had revenues of $5m. Deloitte's cyber risk services leader, Tommy Viljoen, indicated that Qubit won't be the last acquisition in this space,  "Acquisitions will be focused on all areas of the digital portfolio, but we have a massive investment happening in the cyber space, including a new cyber intelligence centre, which we are putting millions into. We just don't see the other large accounting firms as being our rivals these days. We see the broader tech group being the rivals. Our focus has changed as we have moved away from the others."

     

     

     

     

     

     

     

     

    • A strategic alliance between EY and Los Alamos National Laboratory will allow EY to offer Los Alamos’ unique behavioural analysis cybersecurity tools to respond and quickly counter attacks. An announcement stated, “The alliance comes at a watershed moment when increasingly sophisticated cyberattacks are inflicting significant economic, social and even political damage to US organisations. The tools developed by Los Alamos and delivered to the private sector exclusively by EY LLP can help counter these threats by detecting them before they do deep and lasting damage". “We are very excited to be working with Los Alamos as part of our overall mission to transition their heritage of national cybersecurity and innovation to the private sector, and arming our clients with the most advanced tools and resources to combat cyber-threats, added the EY Americas Advisory Vice Chair. "This collaborative approach is reflective of our global strategy to help organisations manage cybersecurity better and doing our part to build a better working world.”

     

     

     

     

     

     

     

     

     

    August 2015

     

     

     

     

     

     

     

     

     

     

     

     

     

    July 2015

     

     

     

     

    • The banking industry has poured hundreds of millions of dollars into securing its networks, claimed the Financial Times. They have hired thousands of the brightest tech minds, plucking former intelligence officials from spy agencies and combing the networks of the Chaos Computer Club, Europe’s largest association of hackers, for recruits. Besides the obvious financial incentives for hacking banks, the sophistication of their security makes them a tempting target. The Financial Times interviewed top security officers at some of the world’s largest banks, but none would speak on the record for fear of prompting reprisals from hackers. And yet serious breaches happen.

     

     

    • In Why Cybersecurity Is So Difficult to Get Right, Harvard Business Review warned that it now seems like hardly a week goes by without news of a data breach at yet another company. And it seems more and more common for breaches to break records in the amount of information stolen. So HBR tried to answer key questions, for companies trying to secure their data, such as where do should they start and what should they think about?

     

     

    • EY US acquired Mycroft, a leading provider of cloud-based identity-as-a-service (IDaaS) and identity and access management (IAM) services. EY says the deal will expand its ability to help clients safeguard corporate assets from the increasing threat of cyberattacks by supporting secure access to critical applications and data. EY will immediately go to market with a cloud-based IDaaS and IAM managed services offering. This US acquisition is the latest in a series of cybersecurity deals by the firm, with $20 million earmarked for EY’s recently-launched Managed Security Operations Center (SOC), a global initiative designed to provide 24/7 tools and support to secure businesses around the world. The Mycroft team will join EY’s global cybersecurity group, which the firm expects to increase by 600% through 2020.

     

     

     

     

     

     

     

     

     

     

     

     

    • The latest PwC Central Cluster Master class was run at the end of June, delivering two days of Cyber Security training to 20 directors and senior managers. Some of the highlights include: cyber Security is one of the top three topics in most CIOs agenda; there is huge opportunity in cyberecurity FS across EMEA and globally; it is estimated that the annual cost of cyber crime to the global economy is in excess of $375billion; our largest banks have budgets in excess of 100m € to build their cyber security defence capabilities and 79% of B&CM CEOs see cyber risk as the biggest threat to growth. The session covered the following key topic areas: what is the cybersecurity challenge? security assessment, strategy and transformation programme; identity and access management; threat intelligence, network monitoring & incident response; data protection and privacy and digital channel security.

     

     

     

    June 2015

     

     

     

     

     

     

     

     

    • Still in the UK, a Tripwire survey asked which cybersecurity events had had the most impact on the awareness of boards. A security breach came first with 35% - not surprising perhaps - but specific external incidents also seem to have had a major impact.The Heartbleed vulnerability was mentioned by 19% the Sony Pictures and Target breaches by 17% each, and the Snowden leak by 8%.

     

     

     

     

    • EY is investing $20m to create a central Managed Security Operations Centre capable of predicting and mitigating cyber attacks. The five-year investment will provide the facility with several technical upgrades and increase the security team's size six-fold to have upwards of 1,200 skilled IT security professionals. The centre will aim to offer traditional log aggregation and monitoring capabilities, and a "unique integration of commercial off-the-shelf tools" designed to offer "deep insight into a wide range of technologies within customers' networks". EY will also offer customers an advanced security analytics platform "with a client portal to help ensure its team has full visibility of the operation of the managed centre".

     

     

    • EY identified a number of key findings about the CFO’s role in managing cybersecurity: threats are increasing in volume and sophistication, and breaches can have multimillion dollar implications; cyber attacks are highly strategic, and increasingly target manipulating shareholder value; 66% of CFOs make cybersecurity a high or very high priority; 35% of CFOs who say that cybersecurity is a “very high priority” report much greater collaboration with the CIO (only 18% of those that don’t make cybersecurity a very high priority report the same increase in collaboration with the CIO).

     

     

    • Inside PwC, a team from the Netherlands won the PwC Europe Innovation Challenge with its 'Cyber Business Review' proposition. This found that it is becoming clear that cyber risks have a strategic impact and will never be completely eliminated. Our clients need to protect their crown jewels by combining cyber defences and risk finance solutions. With Aon we provide a unique combination of cyber assurance and insurance expertise. The Cyber Business Review is aimed at CFOs and CEOs and gives insight in cyber defence and insurance maturity, quantification of cyber impact using key (non-)financial indicators, and a roadmap to improve cyber risk mitigation through a combination of “improving” and “insuring”.

     

     

     

    May 2015

     

     

    • Cybersecurity isn’t what it used to be, Deloitte's global chief information security officer told the Wall Street Journal. Safeguarding the information of companies and customers used to be the sole concern for those in the IT security profession - but no longer. Cybersecurity professionals need to ask what they can learn from other professions.

     

     

     

     

     

     

    Lifting the lid on cyber risk

     

     

     

     

     

     

    • Capgemini asked the question: who exactly is responsible for cybersecurity? Is it government's responsibility in the laws, policies and guidelines it creates? Are businesses in the private sector, which take our credit card and personal details and store them, to be held accountable for both internal breaches and external attacks? Or is it down to us, the consumer, to choose our passwords wisely and keep our information safe? The truth, concluded Capgemini, is that for a security policy to be successful, everyone involved at each stage of an online transaction has to take a certain amount of responsibility and work together to achieve the common goal of protecting society from malicious hackers.

     

     

     

    April 2015

     

     

    Accenture-Outlook-cyber-security-checklist-snack.jpg

     

     

     

     

     

     

     

     

     

    • The role of sanctions is expanding to deal with cyber-crime explained that the US is authorising sanctions to penalise individuals, businesses and governments that "engage in malicious cyber-enabled activities"  that undermine U.S. security and financial stability. "Cyber threats pose one of the most serious economic and national security challenges to the United States, and my Administration is pursuing a comprehensive strategy to confront them," President Obama said in a written statement announcing the new sanctions regime.

     

     

     

    March 2015

     

     

    • Transforming cybersecurity: New approaches for an evolving threat landscape, which found that cyber attacks on financial services companies are both increasingly diverse - and therefore unpredictable - and are also here to stay. Many of these continue to be driven by financial gain. However, the ranks of attackers have increasingly grown to include others with social or political agendas that seek to destroy systems or create market havoc.

     

    • PwC Singapore launched its own new Cyber Security Centre of Excellence. The centre aims to serve the business community both locally and in the region through the provision of research, training and skill development, information sharing, communication, awareness and policy, standards and international cooperation. It will be headed by Vincent Loy, cyber leader, PwC Singapore, whol added that as Singapore moves closer to becoming a Smart Nation, the need for the right talent to ensure that the nation and our systems are well guarded against threats will become a growing imperative. PwC is working to build capabilities that will support businesses as they "go digital", he added.

     

    • KPMG Australia will acquire Asia Pacific cyber security technology solutions business, First Point Global, as part of a global strategy to expand the firm’s cyber capabilities.  The announcement marks the fourth cyber acquisition by the KPMG international network in the past five months. First Point Global specialises in identity and access management (IAM). Founding partners John Havers and Jan Zeilinga will join KPMG’s Cyber security leadership team and bring with them 30 professionals - the largest specialist IAM team in the country. The combined team, to be known as KPMG First Point Global, will offer clients a full spectrum of cyber services spanning consulting, systems implementation and ongoing support.

     

     

     

    February 2015

     

    • In Cyber Security: The Thorn That Can Cripple The IoT. Capgemini argued that, as the Internet of Things continues to grow, internet enabled systems will become an increasingly attractive target for cyber attacks. The IoT is estimated to grow into a $600 billion industry by 2019, however growing security risks could undermine its business opportunities. In a survey conducted by Capgemini Consulting, 71% of the respondents agreed that security concerns will influence customers’ purchase decisions for IoT products.

     

     

     

     

     

     

     

     

     

     

     

    January 2015

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    December 2014

     

     

     

     

    • The UK is particularly at risk when it comes to cybercrime, argued PwC. It is rich, its infrastructure for moving money around is slick, and it is saturated with technology. Over 60% of the population use smartphones. More than 80% of households are connected to the internet. Three-quarters of them shop online. According to PwC, 69% of companies in Britain experienced a cybersecurity incident in the past year, compared with 59% globally.

     

    • A report by CloudEntr, which canvassed the opinions of 438 IT pros across 20 plus different industries, found that 77% believe staff members are the weakest link in their security infrastructure, and a liability when it comes to cloud usage. Just over half of those surveyed also said that employee use of cloud-based services had made their organisation less secure – and when questioned about what their foremost worry was when it came to cloud security, 75% said it was the possibility that staff might be unwittingly exposing company data - details.

     

     

     

     

     

     

    • Businesses in China and Hong Kong face increasing losses from information security breaches, said PwC's Global State of Information Security Survey. Average losses from security incidents increased by 33% this year to US$2.4 million. "While the survey confirms our concerns that the financial impact of detected security incidents is increasing rapidly, many more attacks are either going undetected or unreported," claimed Samuel Sinn, PwC China risk assurance partner.

     

    November 2014

     

     

    • In Leading cyber risk management in a smaller, more perilous world: A secure, vigilant, and resilient approach, Deloitte claimed that, by bringing the cyber element into an integrated risk management approach, it is helping clients around the world protect their data, their brands, and their organisation's value. When its member firms’ Security and Privacy practices became Cyber Risk Services in 2014, it was more than a name change, Deloitte claims; it signalled a new dialogue and approach to the problem, distinguished by member firms’ abilities to bring the cyber element and a deep regulatory understanding into an integrated business risk management approach.

     

     

    • PwC UK launched an all-encompassing emergency service for businesses under cyber attack called BreachAid. This new global data privacy and protection practice and accompanying website is now available to clients. Our cyber-security and crisis-management experts are often called in by organisations to simulate cyber attacks to help them identify their vulnerabilities and to respond to incidents identified. The new service offers immediate help to organisations globally facing a security issue, including identifying and responding to a breach or leak, crisis management in the event of an incident, tackling the aftermath and handling any legal requirements. We have moved quickly to establish a leading position in the market as we seek to help businesses prepare for new regulation – set to be finalised by the EU in 2015 – which will lead to greater disclosure of security incidents in Europe.

     

    • Google, eBay, Facebook, Yahoo! foursquare and Microsoft allegedly want nothing to do with a proposed new EU cybersecurity law. In an open letter to Europe’s telco ministers, CCIA (the Computer & Communications Industry Association) said the proposed Network and Information Security (NIS) Directive should exclude internet enabling services and focus on “truly critical infrastructure”. When the law was first proposed by the European Commission, it included rules for so-called "enablers of information society services" aimed at online giants such as Google, Amazon, Ebay and Skype. However the European Parliament changed the text so that the rules will now apply only to companies that own, operate or provide technology for critical infrastructure facilities.

     

     

     

     

     

    October 2014

     

     

     

     

     

     

     

     

     

    September 2014

     

     

    • According to the recent Cyber Security - insights from GRP Hot Topic call, PwC now has approximately 1600 cyber specialists working in over 60 labs around the globe. This is a US$250m business globally with ambitions to reach $1bn by 201. Goal is to capture 4% of the addressable market in various aspects of cyber as a global business, through both organic and inorganic growth (eg. acquisitions including technical skillsets, activity around joint business relationships).

     

     

     

     

     

    August 2014

     

     

    • According to the FT, the cybersecurity market is now worth an estimated $15bn. It looks set to experience a considerable growth spurt as the rising number of high-profile cyber attacks pushes executives to boost security budgets. Earnings for cybersecurity companies are projected to grow 17 per cent for the next two years. A healthy pipeline of initial public offerings and mergers and acquisitions should also contribute to the growth of the sector.

     

     

     

    July 2014

     

     

    • In Cybersecurity and IP theft in China, EY warned that China’s rapid transformation from an agrarian society into an industrialised, high-tech economy created a fertile environment for hackers seeking to steal IP and other types of sensitive corporate data. Many corporations were so focused on growth that they failed to develop adequate controls and safeguards to protect corporate assets and IP against cyber attacks. More companies are putting those controls in place, however, as China’s economy matures.

     

     

    • In its Defending the digital frontier special report, The Economist warned that companies, markets and countries are increasingly under attack from cyber-criminals, hacktivists and spies, and that they need to get much better at protecting themselves.

     

     

    June 2014

     

    • In 4 Ways CIOs Can Help Fight Financial Crime, Deloitte argued that financial crime may not preoccupy CIOs, but those who pay closer attention may uncover significant financial savings for their companies. Financial crime can cost serious money. Large banks accused of failing to detect and prevent money laundering, for example, have paid anywhere from $160 million to nearly $2 billion in regulatory fines or forfeitures to settle those allegations, according to various media reports. One health care provider paid $1.7 billion in criminal fines, civil restitution, and other fees and penalties after being investigated for health care fraud and paying kickbacks to doctors. Then there are the costs associated with investigating suspected financial wrongdoing and bolstering compliance programs after the fact, both of which can easily enter the millions.

     

     

     

    • According to the FT, for the Big Four, cyber security is a potentially lucrative revenue stream. Large firms can charge clients up to tens of millions of dollars for cyber security assignments. For example, EY further strengthened its IT and Cyber Risk practice in May with the appointment of John Milne, the former head of operational resilience at the Bank of England. A few months earlier, PwC poached the former managing director of cyber security at Barclays Bank to be a partner in its own cyber security practice, while KPMG says specialist expertise is needed to tackle four main areas of potential cyber threats. These are: hacktivists, organised crime, company insiders – either intentional or unintentional – and state-sponsored entities.

     

     

    May 2014

     

     

     

    • Business2Community examined the growing cybersecurity demands in a globalised network. The world economy does indeed depend heavily on online transactions, and that is the biggest reason why we need top-notch cybersecurity measures in place on a global scale, it claimed.

     

     

     

     

     

    • Monadnock Research published its Cybersecurity Consulting Practice Leadership Quadrants, where the consulting and advisory practices of 59 leading firms have been analysed and the results presented. Cybersecurity services within the scope of this analysis included organisation-level and operational security strategy; fraud prevention, and risk mitigation and management; governance, standards and compliance; assessment, breach mitigation and cyber defence; identity authentication, malware detection, software woe development; and support of information assets across on-prem and cloud environments, hardware and software infrastructure, and business application portfolio.

     

     

    April 2014

     

     

    • The potential for a global cyber catastrophe was also examined in the FT. With Systemically Important Technology Enterprises (SITES) so deeply embedded in business productivity that they pose a serious risk to the overall economy, the article questioned whether greater diversity of data architectures should be explored to reduce that risk - details.

     

    • The UK government launched its Computer Emergency Response Team (CERT-UK), with the aim of bolstering the UK's defences against cyber threats ranging from hackers to state-sponsored attacks. The body will deal with "cybersecurity incidents" of national significance. It will also provide advice and alerts on cyber-threats to government, industry and academia - see details.

     

     

    March 2014

     

    • The increasing frequency, sophistication and business impact of cyber-attacks have pushed cybersecurity planning and protection from an operational concern of IT departments to a key theme on the strategic agenda of senior leaders. Some key findings of Bain’s recent “” report: The median per-organisation cost of cybercrime jumped 56% to $5.9 million in 2011 over 2010, the most recent data available; Web-based attacks during the same period increased to 4,500 per day, a 36% increase; Mobile malware quadrupled in 2013, with Android attacks increasing exponentially by an 26 times; Distributed denial of service (DDoS) attacks increased 27%; and Financial motives now drive nearly 95% of cyber-attacks,  targeting strategic assets that can be quickly monetised after a breach, according to Bain.

     

    • PwC's own Global Economic Crime Survey 2014l ooked at the causes and  effects of fraud worldwide, the most common types of economic crime, and the impact fraud is having on business processes, reputation and integrity. Overall, this year's survey shows economic crime is persistent and that organisations need to be vigilant and proactive when fighting fraud. Visit the microsite for a detailed look at the findings, business leaders' views on economic crime, and an archive of past surveys.

     

    • Google acquired start-up Spider.io as part of its initiative to stamp out fraud in online advertising.  Spider.io has exposed several high profile scams within the past year and posted detailed accounts of the activities on its website. Among these was the identification of the infamous Chameleon bot, which is estimated to have generated more than 9m false advert impressions each month across more than 200 websites - more details.

     

    • Further related links in March 2014:

     

     

    February 2014

     

    • PwC's own Global Economic Crime Survey 2014 looked at the causes and effects of fraud worldwide, the most common types of economic crime, and the impact fraud is having on business processes, reputation and integrity. Overall, this year's survey shows economic crime is persistent and that organisations need to be vigilant and proactive when fighting fraud. Visit the microsite for a detailed look at the findings, business leaders' views on economic crime, and an archive of past surveys.

     

    • PwC's Forensic Services discussed the implications for clients of our latest report into how the fraud landscape has changed, in a webcast. If you’re interested in finding out what our respondents said in The changing face of fraud and what it means for organisations in the UK, you can watch the webcast here. The report, part of the Global Economic Crime Survey 2014, reflects the changes in economic crime over the last few years, the major trends we’ve identified from the 372 respondents in the UK, and comparisons against the opinions of over 5,000 global respondents. If you’d like to read the report and take a more in-depth look at the findings please go to www.pwc.co.uk/crimesurvey.

     

     

    • Audit committee members are becoming increasingly concerned by cyber threats but the quality of information they receive has declined over the last year, according to a new survey by KPMG. Globally, 45% of respondents did not feel that their committee devoted enough agenda time to the issue. But this rose to nearly six in 10 (58%) in the UK.

     

     

    January 2014

     

     

    • PwC US and Ridge-Schmidt Cyber LLC, announced the signing of a new agreement to help leaders in business and government navigate the increasing demands of cybersecurity. The strategic relationship with Ridge-Schmidt Cyber enables us to leverage our collective experience and cyber capabilities, working together, around the world, to better understand, adapt and respond to enterprise risks and complex cyber challenges that are a reality in today’s business environment.

     

     

    November 2013

     

     

     

     

    • UK banks took part in a simulation to test their cyber security. Richard Horne, a PwC UK Cyber Security partner who recently joined us from Barclays, was interviewed by the BBC and quoted widely in the press. We featured in The FT, The Times and Reuters and in trade/regional press such as Computer Weekly, SC magazine and the Irish Examiner. Commenting on this exercise puts us, and our Cyber Security practice, in a great position with the media on what is a Tier 1 national security threat.

     

     

     

    October 2013

     

    • For the seventh year running, the EIU, commissioned by Kroll, surveyed senior executives from around the world across a wide variety of sectors and functions. This year’s 901 respondents report that fraud remains a widespread problem regardless of the industry or region in which their businesses operate. It is also as protean, and hence unpredictable, as ever. The results of our 2013 report reveal a number of key insights: 1. The incidence and costs of fraud rose markedly in the past year, in turn driving up companies’ sense of vulnerability. 2. Information-related fraud is common and evolving, but many companies are not prepared if things go wrong. 3. Fraud remains an inside job, but so does its discovery. 4. Global business practices often increase fraud exposure. 5. Those with local knowledge see fraud risks everywhere.

     

     

    • Risk Angles: Five questions on the evolution of cyber security, Deloitte argued that, while cyber security used to be considered an issue primarily for the IT team, these days it is an agenda item for the entire C-Suite. What’s changed? It’s not just the frequency of media reports on cyber security breaches -  if anything, these are merely symptomatic of a larger shift underway. Cyber crime is fuelled by increasingly sophisticated technologies along with relatively new trends in mobility usage, social media and rapidly expanding connectivity - all in the hands of more organised online criminal networks.

     

     

    • PwC US and Ridge-Schmidt Cyber LLC, announced the signing of a new agreement to help leaders in business and government navigate the increasing demands of cybersecurity. The strategic relationship with Ridge-Schmidt Cyber enables us to leverage our collective experience and cyber capabilities, working together, around the world, to better understand, adapt and respond to enterprise risks and complex cyber challenges that are a reality in today’s business environment.

     

    September 2013

     

    • PwC joined the World Economic Forum's Partnering for Cyber Resilience, an initiative to promote a coordinated approach to managing the risks and opportunities. “In the hyper connected digital age, cyber risk and resilience is a fundamental issue facing the global economy. We are committed to supporting these global principles which will contribute to global economic stability and prosperity by helping businesses better manage the risk of ever increasing threats to their data," said PwC global chairman Dennis Nally.

     

    • Security incidents detected at companies globally rose 25% in the past 12 months, but many are defending future threats with yesterday's strategies, says PwC's Global State of Information Security Survey 2014. Despite a rise in security spending, firms have been outpaced by their adversaries, the report found. Said PwC Advisory Principal Mark Lobel, "It is essential that executives actively re-evaluate and update their security strategies and practices on a continual basis to keep pace with today's threat actors."

     

    • Demand for advice on issues such as cyber security has led to professional services firm EY's latest recruitment drive. In the UK, EY is looking to hire 2,400 experienced people in the next 12 months to meet growing demand from its clients for advisory services. It will also hire 700 graduates, 500 undergraduates and 150 school leavers.

     

    • Global operations of companies often involve complex layers of business partnerships in countries around the world. Companies that strive for sustainability already know very well that most of their operations’ impact happens in these supply and distribution chains, often in countries far removed from the corporate headquarters. That is true when it comes to environmental and labour standards but it is equally true in the area of fighting corruption.In today’s world, value chains – i.e. networks of suppliers, distributors, and other business partners – often stretch across countries with varied legal structures, enforcement mechanisms, and business cultures.

     

     

    July 2013

     

    • Thousands of companies worldwide plan to update systems and policies that act as their first line of defence against fraud and other hidden risks. The action will follow a sweeping overhaul of the most widely used guidelines for those safeguards. The new guidelines, which many companies expect to adopt by the end of next year, are for internal controls which the US government has required  at public companies for the past decade.

     

    • Malicious cyberattacks increasingly are aimed at core infrastructure of the securities markets and could present risks to the entire financial system, according an International Organisation of Securities Commissions report. It warns that cybercrime has become significantly more sophisticated and more challenging to defend. Hackers now focus on destabilising attacks, particularly at financial exchanges, with the aim of damaging public websites and online services.

     

     

    • Transparency International published its 2013 Corruption Barometer, which reports the findings of a survey of 114,000 people in 107 countries on their interactions with corruption, the institutions and sectors they see as most corrupt, and their perceptions on whether they have a role in combating corruption. The report captures a number of trends, including the view that corruption is worsening across many sectors; it also calls for governments to strengthen their accountability platforms and enhance standards for procurement and public financial management. This year’s survey found that 27% of people report having paid a bribe in the past year, nearly the same percentage as in the 2010/2011 report (26%). This indicates that more than a quarter of people surveyed have been touched by bribery.

     

    • In a special report, the FT warned that cyber security is a dominant feature of the global political agenda, with the focus having changed from weapons of mass destruction to a “credible threat of cyber attack capability”. Industrial-scale theft of intellectual property has undermined competition and strained relations between China and the west. Meanwhile, security experts have made the humbling admission that the sophistication and evolution of the attacks are outpacing the defence.
    Timelines
    Spaces
    Signifiers