Silicon Valley unicorn Slack – the ubiquitous collaboration platform with the rainbow floral logo – announced to investors this week that cyber attacks by nation-state actors could affect earnings in the coming year.
“sophisticated organised crime, nation-state, and nation-state supported actors”.
That’s alongside threats from traditional hacking, malware, insider threats, phishing, and denial-of-service attacks.
‘These threats are impossible to entirely mitigate’, according to the document.
What strikes us about the announcement isn’t the fact that Slack is a target for hackers – it suffered a significant breach in 2015. What’s interesting is how normalised cyber-risk has become.
The SEC requires businesses that want to go public to list all the risks that could affect profits. These include limited operating history, ability to retain customers, failure to manage growth effectively, and so on.
By bundling breaches with more mundane risk categories like commodity price fluctuations and ‘market instability,’ Slack’s warning is another indicator that cyber attacks have become a standard cost of doing business.
That makes cyber, well, not dull exactly – massive data breaches aren’t boring – but mature in a business sense: something as much for accountants to manage as for cyber experts.
Accountants are taking cyber risk very seriously
- A new study from the Centre for Financial Professionals (CeFPro) says that cyber risk has become the number one concern for businesses. The survey of chief financial officers also said 80 percent of respondents reported terminating or declining business relationships based on a partner or vendor’s cyber security performance.
- The World Economic Forum’s 2019 Global Risks Report says cybersecurity threats and data privacy are the leading risks facing companies operating in North America.
- The insurance industry certainly agrees. Most large insurers have stopped trying to underwrite cyber risk by lumping it in under traditional property-casualty policies and now offer standalone cyber insurance. It’s specifically designed to respond to the growing incidence of breaches and the costs associated with cyber-related risks that any business could now face.
The market is growing fast – expected to drive £10.7 billion in insurance industry revenues by 2022.
The simple truth is that cyber risk has become size- and industry-agnostic. Like death or taxes, a simple fact of life.
Empowering people is the key
Any business that relies on technology has vulnerabilities that technology alone can’t fix.
Cyber-risks come in all shapes and sizes. There are hacktivists, hobbyists, criminal gangs ranging in size and sophistication, and then the state-sponsored actors Slack is so concerned about.
With the types of attack changing weekly and the costs they incur growing, investment in better systems has to be matched by a parallel strategy of training staff and empowering them to see the signs of a breach.
Large or small, organisations can significantly reduce the risk of a cyber-attack and its related costs if attacks can be detected more quickly. A programme of security awareness training for employees can improve that dramatically.
Your people work at the IT coal face where most attacks first rear their head. Switching them on to the signs of a breach is the best way to mitigate cyber risk.
Cyber risk. It’s the new normal
The cost of defending company networks and data is starting to be treated like a cost of doing business, and that’s probably a good thing. It’s not a matter of waving the white flag to hackers; it’s an acceptance of a complex business reality.
Technologies and the people who try to exploit them for ill gain are locked in an ongoing and evolving tussle. Until some new technological development ‘changes everything’ (and it’s happened before), treating cyber risk as a daily management challenge – and enlisting your own people to help – is the safest route to secure systems.