
What's Changing? - Security


 

Please see below selected recent cybersecurity-related changes.

 


 

December 2022

 

July 2022

  • An anonymous hacker claimed to have stolen the police records of about one billion Chinese citizens, almost three-quarters of the population, in what could be one of the biggest data hacks of all time 

 

June 2022

 

April 2022

 

March 2022

 

January 2022

  • The World Economic Forum’s Centre for Cybersecurity published its Global Cybersecurity Outlook 2022, bringing together insights and key findings from more than 120 global cyber leaders, and highlighting their perceptions, concerns, and projections. The outlook revealed three main perception gaps between security-focused executives and business executives - prioritising cyber in business decisions, gaining leadership support for cybersecurity and recruiting and retaining cybersecurity talent.

 

September 2021

  • The UN released its most substantial recommendations to date for how governments can secure cyberspace from escalating conflict. The recommendations recognised that international law applies to state behaviour online and listed specific sectors that should be considered critical infrastructure and thus off-limits to attack, including healthcare, the electrical grid, education, financial services, transportation, telecommunications and electoral processes. 

 

August 2021

  • EY's Global Information Security Survey 2021 report showed that 81% of organisations sidestepped cyber processes and did not consult cybersecurity teams at the planning stage of new business initiatives, even though 43% have never been as concerned as they are now about their ability to manage the cyber threat and 77% had seen an increase in the number of disruptive attacks, such as ransomware.
  • With online attacks increasing exponentially in recent years, more and more companies are looking at purchasing cyber-liability insurance, which explicitly covers losses in the event of a cyberattack.
  • Western intelligence services warned that universities and other knowledge hubs, such as hospitals and labs, have become the focus for foreign intelligence gathering efforts. Students and PhDs from Iran, North Korea and China have been used as an advanced guard by state services. To make things worse, educational institutions have also become lucrative targets for hackers and ransomware gangs.

 

July 2021

 

June 2021

  • The Economist analysed what it calls the curse of growing cyber-insecurity. One threat is catastrophe. All countries have vulnerable physical nodes such as oil pipelines, power plants and ports whose failure could bring much economic activity to a standstill. The financial industry is a growing focus of cybercrime and regulators have begun to worry about the possibility of an attack causing a bank to collapse. Another threat is harder to spot. Computers are being built into cars, houses and factories, creating an industrial “internet of things”. 

 

January 2021

  • A combination of low-probability but high-impact risks and inexorable technology trends will make 2021 the year that cyber conflict creates unprecedented technological and geopolitical risk in cyberspace.

 

September 2020

  • Microsoft released the Digital Defense Report, covering cybersecurity trends from the past year. This report made it clear that threat actors had rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware.

 

July 2020

 

January 2020

  • The majority of hostile cyber operations by states amount to low-level intrusion, below the threshold of use of force. In a research paper, Chatham House explored how the principles of non-intervention and sovereignty apply to such cyber-operations, and provided suggestions on how to make progress towards building international consensus on the legal framework.

 

December 2019

 

November 2019

  • The Paris Call for Trust and Security in Cyberspace launched in 2018 with the commitment of signatories to stand up to cyber threats like election interference, attacks on critical infrastructure, and supply chain vulnerabilities. By the first anniversary of the call, the number of signatories had nearly tripled to more than 1,000 and now includes 74 nations; more than 350 international, civil society and public sector organisations; and more than 600 private sector entities.

 

July 2019

 

June 2019

  • More than 50 countries signed an international agreement on cybersecurity principles. Along with those countries and more than 200 companies, some Big Tech companies including Microsoft, Google and Facebook were signatories to a commitment to end malicious cyber activities in peacetime. While the agreement was non-binding, it was an attempt to develop norms and standards for the ways in which countries behave in cyberspace. Noticeably absent from the list of signers: Russia, China, North Korea, Israel and the United States, noted Future Today Institute.

 

May 2019

  • Cybercrime caused an estimated $3 trillion in damages in 2015, according to research firm Cybersecurity Ventures. The company expected that figure to double to $6 trillion by 2021. Corporations face a “defender’s dilemma,” which a security manager inside Google summed up this way: “The defender has to be strong everywhere, every day. The attacker only has to win once.” For each set of bad guys, the defence side needs veritable armies, beefing up armaments and rushing to the rescue at the first sign of an attack, yet, by the early 2020s, there could be roughly 3.5 million unfilled cybersecurity jobs across the globe.
  • For GZEROMedia, one of the best moves is to take an attacker's weapon and turn it back on them. That's just what China did - in cyberspace: after American operatives used a particular bit of code to attack Chinese computer systems, Chinese hackers took it, repurposed it, and used it to attack a bunch of US allies, according to The New York Times.
  • Kickstarter's co-founder thinks the internet is becoming a space of dark forests. As the internet becomes an ever more hostile space, real conversation is retreating into the perceived safety of private channels, invitation-only message boards, text groups, even newsletters and podcasts. These "dark forests" grow because they provide psychological and reputational cover. They allow us to be ourselves because we know who else is there.
  • Inc.com notes that cyber risk insurance will increase because hacks can be so costly to businesses. In recent years more insurance companies have begun offering coverage for security-related expenses like liability and data recovery costs. The trend may go further to include more protection against hacks, such as reimbursing revenue that's lost while a company is recovering from an attack or repairing reputational damage that occurs as a result of it. Underwriting policies will be a challenge, though, since it will likely require getting businesses to agree to provide a lot of access to their infrastructure.

 

March 2019

  • The School of Life believes that what most of us long for above all else is ‘security’, the sense that we are – at last – safe on the earth. We pin our hopes for security on a shifting array of targets: a happy relationship, a house, children, a good profession, public respect, a certain sum of money. We may mock the term ‘happily ever after,’ synonymous as it is with naive children’s literature but in practice, we do indeed tend to live as if we could one day, somewhere over the horizon, reach a place of rest, satisfaction and safety. However, we can never properly be secure, because so long as we are alive, we will be alert to danger and in some way at risk. The only people with full security are the dead.
  • The #SafePlaces movement had by 2019 seen more than 300 restaurants and bars in Mexico City commit to offer women shelter if they found themselves in danger. #SafePlaces was a response to rising rates of femicide, harassment and kidnapping in Mexico. Participating establishments trained their staff on how to attend to women in dangerous situations, and committed to let victims call the police or a taxi from their business. Women can find a local #SafePlace in a public Google doc.  

 

February 2019

 

January 2019

 

December 2018

 

November 2018

  • Cyberattacks that rip across the internet at light speed, election meddling and disinformation that tears at the fabric of democracy, the brazen theft of personal data and trade secrets – it’s the Wild West out there in cyberspace, warned GZEROMedia. French President Emmanuel Macron called for an international agreement to bring some order to the electronic frontier. Figuring out who launched an attack is hard when hackers from one country can launch viruses from servers in another. The boundaries between state-sponsored cyber operatives and criminal hackers are often fuzzy, giving governments plausible deniability when using these tools.

 

October 2018

 

September 2018

 

August 2018

 

July 2018

 

June 2018

 

March 2018

  • GZERO Media warned that there’s no Geneva Convention for cyberspace at the moment. Without global agreement on the distinction between online behaviour that is merely bad and what’s truly unacceptable, it’s difficult to determine proportionality in the cyber realm. Does large scale IP theft, for example, demand the same response as hacks or disruptions of critical infrastructure?  
  • See also: Cybersecurity: The role of the board of directors; ‘Cyberphobia’, by Edward Lucas - FT.com

 

Pre-2018

2016

 

 

 

May 2016

 

 

 

 

 

April 2016

 

 

 

 

  • Accenture is expanding its global security presence by opening a cyber centre in Bangalore, India. The new state-of-the-art facility uniquely brings together interdisciplinary capabilities, ranging from the innovation, incubation and development of new solutions to strategic consulting and transformation, and the managed delivery of a broad range of cyber defence services, enabling clients to tap into the latest strategies and technologies to address their toughest cybersecurity challenges.

 

 

 

 

 

 

  • Cybercriminals are no longer solely attacking big corporations but are increasingly turning their attention to smaller firms, it has emerged, sparking fears that there is a new “back door” through which hackers can steal reams of data and cash. Nearly half of the global attacks logged during the course of 2015 were against small companies with fewer than 250 staff, as criminals sought to exploit their digital weaknesses to steal information, bring down websites and send spam. The research by internet security firm Symantec found that over the past four years, small firms have become a more attractive target, especially as larger companies have improved their cybersecurity systems, locking out hackers.

 

 

 

 

 

March 2016

 

 

 

 

 

 

 

 

 

 

 

 

  • Companies are pushing ahead full force into the Internet of Things, but a new report has revealed a potentially major problem. AT&T's Cybersecurity Insights Report, which included a survey of more than 5,000 enterprises worldwide, found that 85% of enterprises are in the process of or are planning to deploy IoT devices, but only 10% feel confident that they can secure those devices against hackers.

 

 

 

 


 

 

 

 

 

February 2016

 

 

  • Authored by Dennis Nally, PwC's newest CEO Insights blog post discussed cybercrime as a major threat to businesses according to our Global Economic Crime Survey.

 

 

 

 

 

January 2016

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

December 2015

 

 

  • In 'Cyber-security: bad and getting worse', The Economist warned that headline-grabbing breaches of computer networks mushroomed in 2015, from Ashley Madison to American government databases. The bill rocketed, probably into the hundreds of billions - a huge wealth transfer from law-abiding victims to cyber-criminals. Most attacks depended on exploiting carelessness with simple trickery, not computer wizardry. The online criminal economy is evolving fast, with crime-as-a-service businesses offering customers technical support and profit-sharing schemes. Though the internet is fundamentally insecure, the means to foil most attacks are readily available: keep data encrypted, on well-designed networks, with access and connections carefully managed—and stay vigilant for anomalies. The biggest vulnerability for managers is people (“carbon-based errors”), not machines. In 2016 politicians, regulators, insurance companies, credit-rating agencies, shareholders, customers, suppliers and employees will demand more care from those entrusted with other people’s data. But change will come only after a lot more pain.

 

 

 

 

 

 

 

 

 

 

  • The era of the large-scale cybersecurity breach looks set to stretch into 2016, with new targets replacing the likes of US-based Anthem Healthcare, Ashley Madison, a Canadian dating website for married people, and UK telecoms company TalkTalk in the headlines. Hackers have become experts in finding new vulnerabilities to exploit as soon as old holes are closed. In contrast, there has been no great leap forward in cybersecurity defences. Instead, security experts are predicting next year will see criminals abuse new technologies, such as the increasing reliance on mobile payments, and will see cyber attacks centred around political conflicts — from the battle with Isis to the US election.

 

 

 

 

  • In Sydney, Deloitte launched the latest in its global network of cybersecurity centres. The firm has 3500 cyber specialists across 46 countries. Founder James Nunn-Price explained Deloitte’s globally distributed model, “Most organisations have one big security operations centre and they put all their data into that centre and employ people in that area who might be multilingual. Our operation is different as we've realised people who are in the country will know more about what's going on in their country more than those who are not and they will speak the local language, know the local customs, and they will understand themes of the day in that region. Our Asia Pacific centres are now live and strategically located in Japan, Singapore, Malaysia, and India, linking to our new centre in Australia – with HK/China due to come on line next year.”

 

 

 

 

 

 

 

 

 

November 2015

 

 

 

 

 

 

 

 

  • More than one-third (36%) of global organisations still lack confidence in their ability to detect sophisticated cyber attacks, according to EY’s annual Global Information Security Survey 2015, 'Creating trust in the digital world'. The survey of 1,755 organisations from 67 countries examined some of the most important cybersecurity issues facing businesses today and found that 88% do not believe their information security structure fully meets their needs. When it comes to IT security budgets, 69% say that their budgets should be increased by up to 50% to align their organisation’s need for protection with its management’s tolerance for risk. The most likely sources of cyber attacks: criminal syndicates (59%), hacktivists (54%) and state-sponsored groups (35%) retained their top rankings. However, compared with last year’s survey, respondents rated these sources as more likely: up from 53%, 46%, and 27%, respectively, in 2014.

 

 

 

 

 

 

  • PwC's recent EMEA FS conference in Barcelona dedicated one of its sessions to the 'Game of Threats'. To inspire executives to invest in the outcomes, Game of Threats engages players with high-intensity action and taps into their natural desire to defend their systems and defeat threat actors that target their companies. Players are divided into teams of 'company and threat actors', with intense competition on both sides, as our participants discovered after playing the game. The game challenges players to make quick, high-impact decisions with minimal information. This high-pressure environment is used by PwC to help executives assess their readiness to respond to a breach and practice striking the right balance between taking action and ensuring that the necessary cybersecurity resources are available and properly used.

 

 

 

October 2015

 

 

 

 

 

 

 

 

 

 

 

 

  • A key cybersecurity partner of EY, US-based iSIGHT, is expanding its Australian presence. It plans to double its Australian headcount (of 10) within six months, after opening its first office in September. iSIGHT will be hiring for research, analytical, sales support and channel management roles. iSIGHT’s intelligence products can be integrated with third party offerings and the firm says it is currently tracking over 70,000 ‘threat actors’ in 17 languages using “signals intelligence, open-source intelligence collection and feet on the street”.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

September 2015

 

 

 

 

 

 

  • Deloitte has "absorbed" Oracle-specialist cyber risk consulting firm Qubit and its 22 employees, with its founders becoming Deloitte partners as of October 1st. Qubit was founded in 2005 and last financial year had revenues of $5m. Deloitte's cyber risk services leader, Tommy Viljoen, indicated that Qubit won't be the last acquisition in this space: "Acquisitions will be focused on all areas of the digital portfolio, but we have a massive investment happening in the cyber space, including a new cyber intelligence centre, which we are putting millions into. We just don't see the other large accounting firms as being our rivals these days. We see the broader tech group being the rivals. Our focus has changed as we have moved away from the others."

 

 

 

 

 

 

 

 

  • A strategic alliance between EY and Los Alamos National Laboratory will allow EY to offer Los Alamos’ unique behavioural analysis cybersecurity tools to respond and quickly counter attacks. An announcement stated, “The alliance comes at a watershed moment when increasingly sophisticated cyberattacks are inflicting significant economic, social and even political damage to US organisations. The tools developed by Los Alamos and delivered to the private sector exclusively by EY LLP can help counter these threats by detecting them before they do deep and lasting damage.” “We are very excited to be working with Los Alamos as part of our overall mission to transition their heritage of national cybersecurity and innovation to the private sector, and arming our clients with the most advanced tools and resources to combat cyber-threats,” added the EY Americas Advisory Vice Chair. “This collaborative approach is reflective of our global strategy to help organisations manage cybersecurity better and doing our part to build a better working world.”

 

 

 

 

 

 

 

 

 

August 2015

 

 

 

 

 

 

 

 

 

 

 

 

 

July 2015

 

 

 

 

  • The banking industry has poured hundreds of millions of dollars into securing its networks, claimed the Financial Times. They have hired thousands of the brightest tech minds, plucking former intelligence officials from spy agencies and combing the networks of the Chaos Computer Club, Europe’s largest association of hackers, for recruits. Besides the obvious financial incentives for hacking banks, the sophistication of their security makes them a tempting target. The Financial Times interviewed top security officers at some of the world’s largest banks, but none would speak on the record for fear of prompting reprisals from hackers. And yet serious breaches happen.

 

 

  • In 'Why Cybersecurity Is So Difficult to Get Right', Harvard Business Review warned that it now seems like hardly a week goes by without news of a data breach at yet another company. And it seems more and more common for breaches to break records in the amount of information stolen. So HBR tried to answer key questions for companies trying to secure their data, such as where should they start and what should they think about?

 

 

  • EY US acquired Mycroft, a leading provider of cloud-based identity-as-a-service (IDaaS) and identity and access management (IAM) services. EY says the deal will expand its ability to help clients safeguard corporate assets from the increasing threat of cyberattacks by supporting secure access to critical applications and data. EY will immediately go to market with a cloud-based IDaaS and IAM managed services offering. This US acquisition is the latest in a series of cybersecurity deals by the firm, with $20 million earmarked for EY’s recently-launched Managed Security Operations Center (SOC), a global initiative designed to provide 24/7 tools and support to secure businesses around the world. The Mycroft team will join EY’s global cybersecurity group, which the firm expects to increase by 600% through 2020.

 

 

 

 

 

 

 

 

 

 

 

 

  • The latest PwC Central Cluster Master class was run at the end of June, delivering two days of Cyber Security training to 20 directors and senior managers. Some of the highlights include: cybersecurity is one of the top three topics on most CIOs' agendas; there is huge opportunity in cybersecurity FS across EMEA and globally; it is estimated that the annual cost of cyber crime to the global economy is in excess of $375 billion; our largest banks have budgets in excess of €100m to build their cyber security defence capabilities; and 79% of B&CM CEOs see cyber risk as the biggest threat to growth. The session covered the following key topic areas: what is the cybersecurity challenge?; security assessment, strategy and transformation programme; identity and access management; threat intelligence, network monitoring & incident response; data protection and privacy; and digital channel security.

 

 

 

June 2015

 

 

 

 

 

 

 

 

  • Still in the UK, a Tripwire survey asked which cybersecurity events had had the most impact on the awareness of boards. A security breach came first with 35% - not surprising perhaps - but specific external incidents also seem to have had a major impact. The Heartbleed vulnerability was mentioned by 19%, the Sony Pictures and Target breaches by 17% each, and the Snowden leak by 8%.

 

 

 

 

  • EY is investing $20m to create a central Managed Security Operations Centre capable of predicting and mitigating cyber attacks. The five-year investment will provide the facility with several technical upgrades and increase the security team's size six-fold to have upwards of 1,200 skilled IT security professionals. The centre will aim to offer traditional log aggregation and monitoring capabilities, and a "unique integration of commercial off-the-shelf tools" designed to offer "deep insight into a wide range of technologies within customers' networks". EY will also offer customers an advanced security analytics platform "with a client portal to help ensure its team has full visibility of the operation of the managed centre".

 

 

  • EY identified a number of key findings about the CFO’s role in managing cybersecurity: threats are increasing in volume and sophistication, and breaches can have multimillion dollar implications; cyber attacks are highly strategic, and increasingly target manipulating shareholder value; 66% of CFOs make cybersecurity a high or very high priority; 35% of CFOs who say that cybersecurity is a “very high priority” report much greater collaboration with the CIO (only 18% of those that don’t make cybersecurity a very high priority report the same increase in collaboration with the CIO).

 

 

  • Inside PwC, a team from the Netherlands won the PwC Europe Innovation Challenge with its 'Cyber Business Review' proposition. This found that it is becoming clear that cyber risks have a strategic impact and will never be completely eliminated. Our clients need to protect their crown jewels by combining cyber defences and risk finance solutions. With Aon we provide a unique combination of cyber assurance and insurance expertise. The Cyber Business Review is aimed at CFOs and CEOs and gives insight in cyber defence and insurance maturity, quantification of cyber impact using key (non-)financial indicators, and a roadmap to improve cyber risk mitigation through a combination of “improving” and “insuring”.

 

 

 

May 2015

 

 

  • Cybersecurity isn’t what it used to be, Deloitte's global chief information security officer told the Wall Street Journal. Safeguarding the information of companies and customers used to be the sole concern for those in the IT security profession - but no longer. Cybersecurity professionals need to ask what they can learn from other professions.

 

 

 

 

 

 


 

 

 

 

 

 

  • Capgemini asked the question: who exactly is responsible for cybersecurity? Is it government's responsibility in the laws, policies and guidelines it creates? Are businesses in the private sector, which take our credit card and personal details and store them, to be held accountable for both internal breaches and external attacks? Or is it down to us, the consumer, to choose our passwords wisely and keep our information safe? The truth, concluded Capgemini, is that for a security policy to be successful, everyone involved at each stage of an online transaction has to take a certain amount of responsibility and work together to achieve the common goal of protecting society from malicious hackers.

 

 

 

April 2015

 

 


 

 

 

 

 

 

 

 

 

  • 'The role of sanctions is expanding to deal with cyber-crime' explained that the US is authorising sanctions to penalise individuals, businesses and governments that "engage in malicious cyber-enabled activities" that undermine U.S. security and financial stability. "Cyber threats pose one of the most serious economic and national security challenges to the United States, and my Administration is pursuing a comprehensive strategy to confront them," President Obama said in a written statement announcing the new sanctions regime.

 

 

 

March 2015

 

 

  • Transforming cybersecurity: New approaches for an evolving threat landscape, which found that cyber attacks on financial services companies are both increasingly diverse - and therefore unpredictable - and are also here to stay. Many of these continue to be driven by financial gain. However, the ranks of attackers have increasingly grown to include others with social or political agendas that seek to destroy systems or create market havoc.

 

  • PwC Singapore launched its own new Cyber Security Centre of Excellence. The centre aims to serve the business community both locally and in the region through the provision of research, training and skill development, information sharing, communication, awareness and policy, standards and international cooperation. It will be headed by Vincent Loy, cyber leader, PwC Singapore, who added that as Singapore moves closer to becoming a Smart Nation, the need for the right talent to ensure that the nation and our systems are well guarded against threats will become a growing imperative. PwC is working to build capabilities that will support businesses as they "go digital", he added.

 

  • KPMG Australia will acquire Asia Pacific cyber security technology solutions business, First Point Global, as part of a global strategy to expand the firm’s cyber capabilities. The announcement marks the fourth cyber acquisition by the KPMG international network in the past five months. First Point Global specialises in identity and access management (IAM). Founding partners John Havers and Jan Zeilinga will join KPMG’s Cyber security leadership team and bring with them 30 professionals - the largest specialist IAM team in the country. The combined team, to be known as KPMG First Point Global, will offer clients a full spectrum of cyber services spanning consulting, systems implementation and ongoing support.

 

 

 

February 2015

 

  • In 'Cyber Security: The Thorn That Can Cripple The IoT', Capgemini argued that, as the Internet of Things continues to grow, internet enabled systems will become an increasingly attractive target for cyber attacks. The IoT is estimated to grow into a $600 billion industry by 2019; however, growing security risks could undermine its business opportunities. In a survey conducted by Capgemini Consulting, 71% of the respondents agreed that security concerns will influence customers’ purchase decisions for IoT products.

 

 

 

 

 

 

 

 

 

 

 

January 2015

 

 

 

 

 

 

 

 

 

 

 

 

 

 

December 2014

 

 

 

 

  • The UK is particularly at risk when it comes to cybercrime, argued PwC. It is rich, its infrastructure for moving money around is slick, and it is saturated with technology. Over 60% of the population use smartphones. More than 80% of households are connected to the internet. Three-quarters of them shop online. According to PwC, 69% of companies in Britain experienced a cybersecurity incident in the past year, compared with 59% globally.

 

  • A report by CloudEntr, which canvassed the opinions of 438 IT pros across 20 plus different industries, found that 77% believe staff members are the weakest link in their security infrastructure, and a liability when it comes to cloud usage. Just over half of those surveyed also said that employee use of cloud-based services had made their organisation less secure – and when questioned about what their foremost worry was when it came to cloud security, 75% said it was the possibility that staff might be unwittingly exposing company data.

 

 

 

 

 

 

  • Businesses in China and Hong Kong face increasing losses from information security breaches, said PwC's Global State of Information Security Survey. Average losses from security incidents increased by 33% this year to US$2.4 million. "While the survey confirms our concerns that the financial impact of detected security incidents is increasing rapidly, many more attacks are either going undetected or unreported," claimed Samuel Sinn, PwC China risk assurance partner.

 

November 2014

 

 

  • In Leading cyber risk management in a smaller, more perilous world: A secure, vigilant, and resilient approach, Deloitte claimed that, by bringing the cyber element into an integrated risk management approach, it is helping clients around the world protect their data, their brands, and their organisation's value. When its member firms’ Security and Privacy practices became Cyber Risk Services in 2014, it was more than a name change, Deloitte claims; it signalled a new dialogue and approach to the problem, distinguished by member firms’ abilities to bring the cyber element and a deep regulatory understanding into an integrated business risk management approach.

 

 

  • PwC UK launched an all-encompassing emergency service for businesses under cyber attack called BreachAid. This new global data privacy and protection practice and accompanying website is now available to clients. Our cyber-security and crisis-management experts are often called in by organisations to simulate cyber attacks to help them identify their vulnerabilities and to respond to incidents identified. The new service offers immediate help to organisations globally facing a security issue, including identifying and responding to a breach or leak, crisis management in the event of an incident, tackling the aftermath and handling any legal requirements. We have moved quickly to establish a leading position in the market as we seek to help businesses prepare for new regulation – set to be finalised by the EU in 2015 – which will lead to greater disclosure of security incidents in Europe.

 

  • Google, eBay, Facebook, Yahoo!, foursquare and Microsoft allegedly want nothing to do with a proposed new EU cybersecurity law. In an open letter to Europe’s telco ministers, CCIA (the Computer & Communications Industry Association) said the proposed Network and Information Security (NIS) Directive should exclude internet enabling services and focus on “truly critical infrastructure”. When the law was first proposed by the European Commission, it included rules for so-called "enablers of information society services" aimed at online giants such as Google, Amazon, eBay and Skype. However, the European Parliament changed the text so that the rules will now apply only to companies that own, operate or provide technology for critical infrastructure facilities.

 

 

 

 

 

October 2014

 

 

 

 

 

 

 

 

 

September 2014

 

 

  • According to the recent Cyber Security - insights from GRP Hot Topic call, PwC now has approximately 1600 cyber specialists working in over 60 labs around the globe. This is a US$250m business globally with ambitions to reach $1bn by 201. Goal is to capture 4% of the addressable market in various aspects of cyber as a global business, through both organic and inorganic growth (eg. acquisitions including technical skillsets, activity around joint business relationships).

 

 

 

 

 

August 2014

 

 

  • According to the FT, the cybersecurity market is now worth an estimated $15bn. It looks set to experience a considerable growth spurt as the rising number of high-profile cyber attacks pushes executives to boost security budgets. Earnings for cybersecurity companies are projected to grow 17 per cent for the next two years. A healthy pipeline of initial public offerings and mergers and acquisitions should also contribute to the growth of the sector.

 

 

 

July 2014

 

 

  • In Cybersecurity and IP theft in China, EY warned that China’s rapid transformation from an agrarian society into an industrialised, high-tech economy created a fertile environment for hackers seeking to steal IP and other types of sensitive corporate data. Many corporations were so focused on growth that they failed to develop adequate controls and safeguards to protect corporate assets and IP against cyber attacks. More companies are putting those controls in place, however, as China’s economy matures.

 

 

  • In its Defending the digital frontier special report, The Economist warned that companies, markets and countries are increasingly under attack from cyber-criminals, hacktivists and spies, and that they need to get much better at protecting themselves.

 

 

June 2014

 

  • In 4 Ways CIOs Can Help Fight Financial Crime, Deloitte argued that financial crime may not preoccupy CIOs, but those who pay closer attention may uncover significant financial savings for their companies. Financial crime can cost serious money. Large banks accused of failing to detect and prevent money laundering, for example, have paid anywhere from $160 million to nearly $2 billion in regulatory fines or forfeitures to settle those allegations, according to various media reports. One health care provider paid $1.7 billion in criminal fines, civil restitution, and other fees and penalties after being investigated for health care fraud and paying kickbacks to doctors. Then there are the costs associated with investigating suspected financial wrongdoing and bolstering compliance programs after the fact, both of which can easily enter the millions.

 

 

 

  • According to the FT, for the Big Four, cyber security is a potentially lucrative revenue stream. Large firms can charge clients up to tens of millions of dollars for cyber security assignments. For example, EY further strengthened its IT and Cyber Risk practice in May with the appointment of John Milne, the former head of operational resilience at the Bank of England. A few months earlier, PwC poached the former managing director of cyber security at Barclays Bank to be a partner in its own cyber security practice, while KPMG says specialist expertise is needed to tackle four main areas of potential cyber threats. These are: hacktivists, organised crime, company insiders – either intentional or unintentional – and state-sponsored entities.

 

 

May 2014

 

 

 

  • Business2Community examined the growing cybersecurity demands in a globalised network. The world economy does indeed depend heavily on online transactions, and that is the biggest reason why we need top-notch cybersecurity measures in place on a global scale, it claimed.

 

 

 

 

 

  • Monadnock Research published its Cybersecurity Consulting Practice Leadership Quadrants, where the consulting and advisory practices of 59 leading firms have been analysed and the results presented. Cybersecurity services within the scope of this analysis included organisation-level and operational security strategy; fraud prevention, and risk mitigation and management; governance, standards and compliance; assessment, breach mitigation and cyber defence; identity authentication, malware detection, software woe development; and support of information assets across on-prem and cloud environments, hardware and software infrastructure, and business application portfolio.

 

 

April 2014

 

 

  • The potential for a global cyber catastrophe was also examined in the FT. With Systemically Important Technology Enterprises (SITES) so deeply embedded in business productivity that they pose a serious risk to the overall economy, the article questioned whether greater diversity of data architectures should be explored to reduce that risk - details.

 

  • The UK government launched its Computer Emergency Response Team (CERT-UK), with the aim of bolstering the UK's defences against cyber threats ranging from hackers to state-sponsored attacks. The body will deal with "cybersecurity incidents" of national significance. It will also provide advice and alerts on cyber-threats to government, industry and academia - see details.

 

 

March 2014

 

  • The increasing frequency, sophistication and business impact of cyber-attacks have pushed cybersecurity planning and protection from an operational concern of IT departments to a key theme on the strategic agenda of senior leaders. Some key findings of Bain’s recent “” report: the median per-organisation cost of cybercrime jumped 56% to $5.9 million in 2011 over 2010, the most recent data available; web-based attacks during the same period increased to 4,500 per day, a 36% increase; mobile malware quadrupled in 2013, with Android attacks increasing exponentially by 26 times; distributed denial of service (DDoS) attacks increased 27%; and financial motives now drive nearly 95% of cyber-attacks, targeting strategic assets that can be quickly monetised after a breach, according to Bain.

 

  • PwC's own Global Economic Crime Survey 2014 looked at the causes and effects of fraud worldwide, the most common types of economic crime, and the impact fraud is having on business processes, reputation and integrity. Overall, this year's survey shows economic crime is persistent and that organisations need to be vigilant and proactive when fighting fraud. Visit the microsite for a detailed look at the findings, business leaders' views on economic crime, and an archive of past surveys.

 

  • Google acquired start-up Spider.io as part of its initiative to stamp out fraud in online advertising. Spider.io has exposed several high-profile scams within the past year and posted detailed accounts of the activities on its website. Among these was the identification of the infamous Chameleon bot, which is estimated to have generated more than 9m false advert impressions each month across more than 200 websites - more details.

 


 

 

February 2014

 


 

  • PwC's Forensic Services discussed the implications for clients of our latest report into how the fraud landscape has changed, in a webcast. If you’re interested in finding out what our respondents said in The changing face of fraud and what it means for organisations in the UK, you can watch the webcast here. The report, part of the Global Economic Crime Survey 2014, reflects the changes in economic crime over the last few years, the major trends we’ve identified from the 372 respondents in the UK, and comparisons against the opinions of over 5,000 global respondents. If you’d like to read the report and take a more in-depth look at the findings please go to www.pwc.co.uk/crimesurvey.

 

 

  • Audit committee members are becoming increasingly concerned by cyber threats but the quality of information they receive has declined over the last year, according to a new survey by KPMG. Globally, 45% of respondents did not feel that their committee devoted enough agenda time to the issue. But this rose to nearly six in 10 (58%) in the UK.

 

 

January 2014

 

 

  • PwC US and Ridge-Schmidt Cyber LLC announced the signing of a new agreement to help leaders in business and government navigate the increasing demands of cybersecurity. The strategic relationship with Ridge-Schmidt Cyber enables us to leverage our collective experience and cyber capabilities, working together, around the world, to better understand, adapt and respond to enterprise risks and complex cyber challenges that are a reality in today’s business environment.

 

 

November 2013

 

 

 

 

  • UK banks took part in a simulation to test their cyber security. Richard Horne, a PwC UK Cyber Security partner who recently joined us from Barclays, was interviewed by the BBC and quoted widely in the press. We featured in The FT, The Times and Reuters and in trade/regional press such as Computer Weekly, SC magazine and the Irish Examiner. Commenting on this exercise puts us, and our Cyber Security practice, in a great position with the media on what is a Tier 1 national security threat.

 

 

 

October 2013

 

  • For the seventh year running, the EIU, commissioned by Kroll, surveyed senior executives from around the world across a wide variety of sectors and functions. This year’s 901 respondents report that fraud remains a widespread problem regardless of the industry or region in which their businesses operate. It is also as protean, and hence unpredictable, as ever. The results of our 2013 report reveal a number of key insights: 1. The incidence and costs of fraud rose markedly in the past year, in turn driving up companies’ sense of vulnerability. 2. Information-related fraud is common and evolving, but many companies are not prepared if things go wrong. 3. Fraud remains an inside job, but so does its discovery. 4. Global business practices often increase fraud exposure. 5. Those with local knowledge see fraud risks everywhere.

 

 

  • In Risk Angles: Five questions on the evolution of cyber security, Deloitte argued that, while cyber security used to be considered an issue primarily for the IT team, these days it is an agenda item for the entire C-Suite. What’s changed? It’s not just the frequency of media reports on cyber security breaches - if anything, these are merely symptomatic of a larger shift underway. Cyber crime is fuelled by increasingly sophisticated technologies along with relatively new trends in mobility usage, social media and rapidly expanding connectivity - all in the hands of more organised online criminal networks.

 

 


 

September 2013

 

  • PwC joined the World Economic Forum's Partnering for Cyber Resilience, an initiative to promote a coordinated approach to managing the risks and opportunities. “In the hyper connected digital age, cyber risk and resilience is a fundamental issue facing the global economy. We are committed to supporting these global principles which will contribute to global economic stability and prosperity by helping businesses better manage the risk of ever increasing threats to their data," said PwC global chairman Dennis Nally.

 

  • Security incidents detected at companies globally rose 25% in the past 12 months, but many are defending future threats with yesterday's strategies, says PwC's Global State of Information Security Survey 2014. Despite a rise in security spending, firms have been outpaced by their adversaries, the report found. Said PwC Advisory Principal Mark Lobel, "It is essential that executives actively re-evaluate and update their security strategies and practices on a continual basis to keep pace with today's threat actors."

 

  • Demand for advice on issues such as cyber security has led to professional services firm EY's latest recruitment drive. In the UK, EY is looking to hire 2,400 experienced people in the next 12 months to meet growing demand from its clients for advisory services. It will also hire 700 graduates, 500 undergraduates and 150 school leavers.

 

  • Global operations of companies often involve complex layers of business partnerships in countries around the world. Companies that strive for sustainability already know very well that most of their operations’ impact happens in these supply and distribution chains, often in countries far removed from the corporate headquarters. That is true when it comes to environmental and labour standards but it is equally true in the area of fighting corruption. In today’s world, value chains – i.e. networks of suppliers, distributors, and other business partners – often stretch across countries with varied legal structures, enforcement mechanisms, and business cultures.

 

 

July 2013

 

  • Thousands of companies worldwide plan to update systems and policies that act as their first line of defence against fraud and other hidden risks. The action will follow a sweeping overhaul of the most widely used guidelines for those safeguards. The new guidelines, which many companies expect to adopt by the end of next year, are for internal controls which the US government has required at public companies for the past decade.

 

  • Malicious cyberattacks are increasingly aimed at the core infrastructure of the securities markets and could present risks to the entire financial system, according to an International Organisation of Securities Commissions report. It warns that cybercrime has become significantly more sophisticated and more challenging to defend against. Hackers now focus on destabilising attacks, particularly at financial exchanges, with the aim of damaging public websites and online services.

 

 

  • Transparency International published its 2013 Corruption Barometer, which reports the findings of a survey of 114,000 people in 107 countries on their interactions with corruption, the institutions and sectors they see as most corrupt, and their perceptions on whether they have a role in combating corruption. The report captures a number of trends, including the view that corruption is worsening across many sectors; it also calls for governments to strengthen their accountability platforms and enhance standards for procurement and public financial management. This year’s survey found that 27% of people report having paid a bribe in the past year, nearly the same percentage as in the 2010/2011 report (26%). This indicates that more than a quarter of people surveyed have been touched by bribery.

 

  • In a special report, the FT warned that cyber security is a dominant feature of the global political agenda, with the focus having changed from weapons of mass destruction to a “credible threat of cyber attack capability”. Industrial-scale theft of intellectual property has undermined competition and strained relations between China and the west. Meanwhile, security experts have made the humbling admission that the sophistication and evolution of the attacks are outpacing the defence.