July 24, 2020
Chart of the Week (29) – Cyber security
Over the past two decades, cyber-crime has become an increasingly significant and systemic business risk, with the real potential to inflict devastating financial and moral damages on practically anyone, anywhere. By 2021, the total damages relating to cyber-crime are estimated to hit $6 trillion annually, placing it on a par with the third largest economy, Japan.
With more people opting to make their purchases from the safety of their own home against the backdrop of the COVID-19 pandemic, there are significantly more opportunities for cyber criminals to exploit the increase in household internet usage and hack credit card data, among other crimes.
To this end, the Maltese Government has stepped up its efforts to promote cyber security and drive the need for all local enterprises to embrace it as an integral part of their infrastructure. Through the establishment of government agencies such as Cyber Security Malta and Tech.mt, and the provision of various financial grants, initiatives have been taken to further strengthen such infrastructure and safeguard businesses from the ever-increasing cyber threats.
This week’s chart(s) delve into cyber security from 3 main facets:
- Utility of cyber security measures
- Level of policy/measure documentation and frequency of updating
- Education of staff by employers on cyber security issues
Whilst investment in cyber security measures is never enough, Eurostat statistics for 2019 show that 92% of enterprises in Malta use at least one form of cyber security measure, the most common of which include:
- constantly updating software;
- strong password authentication measures; and
- data backup to a separate location.
Whilst this may be perceived to be high, Malta still falls behind many European countries and there is certainly no room for complacency.
Likewise, proper and regularly updated cyber security policy documentation is key for businesses, not only to ensure a structured and strategic approach towards mitigating cyber risk but also to remain abreast of the latest threats and stay ahead of cyber criminals. In this regard, only 32% of enterprises in Malta have documents in place outlining measures, practices, and procedures to be followed in case of a cyber security breach. For the record, this falls in line with the EU average, but pales in comparison to the top countries, namely Denmark (56%), Ireland (54%) and Sweden (52%).
Although having documentation is the first step towards adequate cyber security, it is the regular update of these policies that prevents businesses from falling behind in terms of adopting the necessary measures to defend against new threats. Unfortunately, Malta hasn’t reported any major inroads in terms of the number of enterprises that have updated their policies within the last 12 months. On the contrary, it fell from 26% in 2015 to 25% in 2019. This comes in a period where many other European countries have managed to improve their position during this same time-frame.
Employee awareness is the third component of our analysis. Globally, human error accounted for 22% of cyber-attacks in 2020 so far. With 59% of Maltese enterprises in 2019 attesting to raising awareness among their employees, there is still room for improvement. Enterprises can make use of various tools at their disposal, such as in-house training, manuals, educational seminars and courses amongst others, all aimed towards decreasing the likelihood of cyber security breaches emanating from human error.
Unfortunately, when gauging cyber-crime, the matter is not really a question of whether an organisation will fall target to an attack but when and how large the consequences will be. With a global recession slowly unfolding in the midst of COVID-19, organisations of all sizes should not view their IT security simply as a cost centre but ought to continue acting proactively by building their security capacity through both education and investment.