Why cybersecurity matters at Climb23
The inaugural Climb23 event held at Leeds was an excellent venue for attendees to find out why cybersecurity matters (a lot) to investors.
Organised by Gordon Bateman, CEO at CRSI, and his team, in partnership with Investor Ladder and the Yorkshire & North East branch of the Institute of Directors, Climb23, an innovation festival for investors, start-ups, scale-ups, and industry, showcased 150 speakers on four stages over two days held at Leeds Dock on May 23rd and 24th.
Speaking on the Ascend stage at the Royal Armouries, Veracity Trust Network’s CTO Stewart Boutcher shared his thoughts alongside Innovate UK’s Alina-Faith Cameron and Navima’s Chief Commercial Officer David Olsson.
The Climb23 event was well organised, busy and chock full of great content and interesting people according to David.
He talked with Stewart and Alina about why cyber security is a vital strand of Due Diligence when investing.
And he added: “We talked about how investors need to be better educated and learn how to easily spot the warning signs (like how an overflowing bin in a factory would tell a health and safety inspector everything they needed to know about a company’s attitude to safety and risk).
“We also talked about cyber security technology, the pace of change and how Innovate UK are helping achieve world leading status in the advancement of detection and protection.”
The most valuable takeaway of Climb23 for him was that SME tech is alive and kicking. He advises anyone thinking of coming to Climb24 to: “Book early , use the App and be prepared to meet a lot of great people.”
His thoughts were echoed by Stewart, who added: “I thought it was a really great first event, and I think the second one will be even better. We’d be delighted to support it.”
Data breaches cost upwards of £130k to fix
This startling statistic was just one of the many facts presented by Stewart in his talk – Why cybersecurity matters (a lot) to investors – which also revealed that 64% of consumers would be put off using a business that was the victim of a website compromise or data breach.
On average, it takes two years for a business’s reputation to recover after a data breach is revealed, according to research by HSBC.
Share prices of companies affected tend to underperform by 15.6% in the following three years (see graphic below).
In addition, 60% of small companies go out of business within six months of falling victim to a data breach or cyber attack.
Just last week news broke of yet another cyber ransom attack, this time involving the personal details of more than 100,000 staff at the BBC, British Airways, Aer Lingus and Boots.
Microsoft said it believed the criminals responsible are linked to the notorious Cl0p ransomware group, thought to be based in Russia.
The criminals found a way to break into a piece of popular business software called MOVEit and were then able to use that access to get into the databases of potentially hundreds of other companies.
Russian hackers were also behind a “sophisticated cyber-attack” which knocked out council services. Gloucester City Council has now concluded its investigation into the attack which saw their IT systems compromised in 2021.
Benefit payments, planning applications and house sales were delayed after Gloucester City Council’s IT systems were compromised in December.
Earlier this year, the government sanctioned seven individuals associated with Conti, the criminal group thought to be involved in this incident.
British companies are likely to pay attackers
According to a report published in 2022, some 82% of British firms which have been victims of ransomware attacks paid the hackers in order to get back their data, this is significantly higher than the global average of 58%.
Security firm Proofpoint’s research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.
Phishing attacks remain the key way criminals access networks, it found. Phishing happens when someone in a firm is lured into clicking on a link in an email that contains malware, which in turn can help cyber-criminals access company networks.
Cybercrime must see C-suite investment
According to the Government’s Cyber Security Breaches Survey 2022, around four in five (82 per cent) of boards or senior management within UK businesses rate cyber security as a “very high” or “fairly high” priority, an increase on 77% in 2021.
However, fewer than a quarter of businesses (23%) or charities (19%) have a formal cyber security strategy in place (see graphic below).
Among those organisations that do have a cyber security strategy in place, more than seven in ten report that this has been reviewed by senior executives/trustees within the last 12 months. This is true of both business (79%) and charities (74%).
The survey has asked whether organisations have formal cyber security policies in place several years in a row. From 2018 to 2020, this increased from 27% to 38% across businesses, but last year dropped to 33%. A similar pattern was seen among charities.
For the 2022 survey, the proportion of businesses with formal policies in place covering cyber security risks stood at 36 percent, similar to that seen in 2020, but not a significant increase on 2021.
Cyber security is now seen as a high priority by a greater proportion of businesses than in any other year of the survey.
However, there remains a lack of both will and skill around organisational cyber security, resulting in gaps in some more fundamental areas of cyber safety:
- Organisations take an informal approach to incident management, with fewer than one in five businesses having a formal incident management plan.
- Despite cyber security being seen as a high priority area, qualitative research found there is a lack of technical knowhow expertise within smaller organisations and at senior level within larger organisations.
- There is a clear lack of commercial narrative to effectively negotiate a cyber security budget against other competing organisational priorities.
- Organisations are not publicly disclosing their cyber security profile in their annual reports or otherwise to best inform stakeholders.
- There is a theme of organisations opting to outsource their IT solutions to a third party supplier, so as to access the benefits of a larger and more resourced specialist.
The findings from this year’s survey demonstrate that there is room for improvement in many elements of organisations cyber hygiene. It is clear that cyber resilience is highly influenced by board behaviours.
How Veracity Trust Network helps
“Many organisations are grossly underestimating the problems cyber breaches and bots can have on their infrastructure, security, budgets and reputation,” according to Veracity’s CEO Nigel Bridges.
“An ‘if it ain’t broke, don’t fix it’ mindset often stops them investing in cyber protection in the areas of their public-facing websites and the online advertising that points to them.
“Instead, they concentrate on networks, servers and other infrastructure, leaving their websites vulnerable to attack. The problem is that you won’t know your website is insecure until a breach happens. Then it could be too late,” he added.
By protecting their website and advertising from bots, companies can ensure that their website runs smoothly, provides an optimal user experience, reduce the risk of security threats, reduce wasted ad spend and improve the data on which business decisions are made.
Veracity Trust Network is award-winning technology* applicable to any business operating a website and works to block a wide range of bot attacks, preserving website performance, while optimising infrastructure costs and security resources.
Start protecting your business from fake and malicious bot web traffic by booking a call now:
*Digital City Awards 2022: Innovation of the Year, Best Business Awards 2022: Best Innovation, Best Martech Innovation at Prolific North Tech Awards 2021, B2B Marketing Expo Innovation Award for Best Marketing Tool 2021, and the Tech Nation Rising Stars 3.0 Cyber Award 2021, as well as holding Verified by TAG status.