Compliance is no longer just about meeting regulatory requirements; it is about proactively safeguarding businesses and their stakeholders, including protecting them against cyber threats.
In our cybersecurity webinar, our panel of experts unpacked the integral role compliance leaders play in cybersecurity: enforcing protective measures, aligning security objectives with regulatory obligations and promoting a culture of security awareness.
Growing cybersecurity threats
Cyber attacks have become increasingly sophisticated, posing significant risks to businesses worldwide. Within the past year, 80% of UK organisations faced a cyber attack. Some of the most common forms of cybercrime include hacking, phishing scams, data breaches, online fraud and malware attacks.
Losses to fraud and cybercrime in the UK totalled over £3bn between 2021 and 2022. With fraud removed from the data, email and social media hacking is the main cybersecurity threat, accounting for £7.8m in losses in 2021, double the previous year's figure.
Cybersecurity is more than a tech issue. It's important to help businesses understand this by levelling with them, whether your role is Chief Information Security Officer (CISO) or Chief Compliance Officer (CCO).
"It's all about putting yourself in the business' shoes. Without understanding, there can be no empathy, no alignment, and a missed opportunity to add value. GRC teams welded to their desks, hiding behind emails, are their own worst enemy."
We identified that, to ensure cybersecurity, businesses need to:
- implement the right technology defences
- educate their staff on identifying cyber risks through ongoing training
- conduct due diligence on third-party suppliers
Key cybersecurity considerations
A recent study found that 72% of firms struggle to keep up with ever-changing cybersecurity regulations. This is one of the many challenges that accompany monitoring cybersecurity. Some of the other main points of consideration around cybersecurity threats include:
- Data breaches and data privacy - recognising the potential dangers that pose a threat to an organisation's invaluable data
- Regulatory compliance - gaining knowledge about cybersecurity regulations and industry standards
- Vulnerability management - identifying weaknesses present in a firm's IT infrastructure and taking note of them
- Third-party risk management - learning about potential cybersecurity threats associated with third-party partners
- Incident response and breach notification - ensuring swift action and strategic communication
- Employee awareness and training - empowering staff with the knowledge and tools
Boosting cybersecurity with compliance
Compliance addresses each of the key areas businesses need to focus on and can be a valuable tool in minimising the threat of cyber attacks. Here are a few ways to leverage compliance in the mitigation of cybersecurity threats:
- Establishing and enforcing security policies and procedures. Compliance requirements often mandate the implementation of specific security controls, such as password complexity requirements, data encryption, and access control. These controls can help to reduce the risk of unauthorised access, data breaches, and other cyberattacks.
- Conducting regular risk assessments. Regularly assessing an organisation's cybersecurity risks is a crucial component of compliance. This process allows for the identification and prioritisation of vulnerabilities that attackers may target. By staying proactive in risk assessment, organisations can better safeguard their systems and data from potential cyber threats.
- Training employees on cybersecurity best practices. Approximately 95% of cyber security breaches are caused by human error. Compliance regulations frequently stipulate that employees must undergo training in cybersecurity matters, including identifying phishing scams, understanding social engineering tactics, and implementing effective password security. This training helps prevent employees from making errors that jeopardise the organisation's security.
- Monitoring and responding to security incidents. Organisations are obligated by compliance requirements to establish protocols for monitoring and addressing security incidents. This entails developing a comprehensive plan for investigating incidents, mitigating the impact, and promptly informing affected parties.
- Requiring third-party vendors to comply with the same security standards as a firm. Third parties pose a significant cybersecurity risk to firms, with 59% of organisations experiencing a data breach caused by a third-party vendor. Ensuring third parties are compliant with a firm's cybersecurity standards can help reduce the risk of attacks that originate from third-party vendors.
- Utilising cloud-based security solutions that adhere to industry regulations. Not only does this enable firms to streamline their operations and save valuable time and resources, but it also ensures they meet all necessary compliance requirements.
By following these and other compliance guidelines, organisations can help to reduce their risk of cyberattacks and protect their sensitive data.
According to Accenture's 2021 Cost of Cyber-Crime Study, the financial services industry experiences the highest cybercrime costs, with an average of $5.84 million per organisation, while around 236.1 million ransomware attacks occurred globally in the first half of 2022.
Here are some real-life cases which bring these statistics to life and showcase the importance of cybersecurity measures:
SolarWinds Supply Chain Attack
In 2020, a sophisticated supply chain attack targeted leading IT management software provider SolarWinds. The attackers compromised SolarWinds' software updates, allowing them to distribute malware to numerous organisations, including government agencies and Fortune 500 companies.
This incident highlighted the risks posed by supply chain attacks and the need for robust third-party risk management practices.
Accellion Data Breach
In early 2021, a data breach at Accellion affected numerous organisations worldwide. Attackers exploited vulnerabilities in Accellion's software to gain unauthorised access to sensitive data. High-profile victims included government agencies, universities, and private corporations.
This incident highlighted the importance of regular software patching, vendor risk management, and secure file transfer practices.
JBS Foods Cyberattack
In 2021, one of the world's largest meat processing companies, JBS Foods, suffered a cyberattack that disrupted its global operations. The attack, attributed to a ransomware group, led to temporary plant closures and supply chain disruptions in the food industry.
This case demonstrated the potential impact of cyberattacks on critical infrastructure and the interconnectedness of supply chains.
Compliance is not a silver bullet for cybersecurity, but it can play a key role in helping organisations to protect themselves from cyberattacks. Companies can reduce cybersecurity-related risks by up to 70% with cybersecurity training for employees. This indicates that a comprehensive compliance programme can significantly reduce the risk of cyber attacks.
More Skillcast Events
SkillcastConnect is our new community bringing together compliance professionals for unique peer group networking free of vendors.
- Networking Events
- Expert-led Webinars
- CCO Roundtables
- Compliance Workshops
- 100+ free video-based learning courses
If you are interested in attending an event, you can see what's coming up on our Events Calendar.