Business leaders are not taking cybersecurity seriously enough, and this poses a significant risk to their companies’ reputations, warns Dr Ryan Ko of the University of Waikato. “Communications is a much neglected aspect of responding to cybersecurity incidents,” says Ko, speaking at a business forum in Hamilton, organised byHMC Communications. “The spread of information is so fast, and reputations are very hard to get back when lost,” says Ko, who established New Zealand’s first cybersecurity graduate programme and lab in 2012 and is director of the NZ Institute for Security and Crime Science. Ko says that the size of cybercrime internationally was larger than drug trafficking, according to a Norton Cybercrime Report. “It was reported that, globally, cybercrime cost $388 billion which was larger than the cost of drug trafficking at $288 billion,” says Ko, in a statement. “Every half-second a unique malware or virus is created somewhere in the world. Cybersecurity is a serious concern for companies, and New Zealand business leaders need to do more to protect their company and their customers.” No caption Cybersecurity has to be the biggest concern for executives today. It has the potential to destroy consumer confidence in an organisation and also materially affect the financials of an organisation.Bradley de Souza Ko says that there was a global trend with businesses and boards of directors being held liable for cybersecurity incidents. “The public perception is that businesses and boards should take responsibility for personal information, and that means cyber-attacks have legal implications for directors,” says Ko. “It’s not a matter of ‘if’ it will happen, but when, and directors may be facing liability.” Ko cited the example of Target, a well-known US discount retailer, who was affected by a cybersecurity attack in 2013. Hackers stole credit and debit card information from up to 40 million customers which revealed the company’s weak cybersecurity measures and ended up costing the retailer millions of dollars. Another case was the Wyndham Worldwide Corporation, a US hotel chain that was sued in 2012 for breaching customer’s confidential information when credit card details were hacked and posted to a Russian website. Ko says that New Zealand companies are at risk of cyberattack, and more than half – 56 per cent – of New Zealand companies claimed to have a cyberattack at least once a year (in 2014). The five top threats to New Zealand companies, identified by Ko and his research team, included ransomware, distribute denial of service (DDoS), social engineering, hijacking unpatched platforms and obsolete communications, cyber forces and weaponry. “Many think it will not affect them, especially small to medium businesses, but they are not immune,” says Ko. The one area where management needs training has to be cyber security, says Bradley de Souza an internationally recognised CIO/CTO/COO who has specialised in change, transformation and recovery across industries around the world. “We are seeing an unprecedented level of security breaches across companies of all sizes and technology maturity.” He says companies are finding out about breaches too late and they are unable to gauge the size of the issue. “This has to be the biggest concern for executives today. It has the potential to destroy consumer confidence in an organisation and also materially affect the financials of an organisation.” As an example, the Paradise papers leak represents a treasure map of offshore banking and investment activity which can easily be targetted by criminals, he says. “Breaches in this area are likely to go unreported due to their dubious legal status and lack of transparency. They present criminals with the perfect opportunity as the police authorities will most likely never be involved.” No caption Sidebar: Is your organisation prepared for a cyberattack? Top things for business leaders to consider. What is your board of directors doing to address the risk of a cyberattack to your business or organisation?Have cybersecurity policies been reviewed (and do they even exist)?Are there policies around external contractors?Does the business or organisation have cyber insurance?Is there a chief information security officer in the company?What would you do in the event of a cyberattack, operationally and with your communications (internally and externally, including stakeholders and media)?No caption Follow Divina Paredes on Twitter:@divinap Follow CIO New Zealand on Twitter:@cio_nz Sign up forCIO newsletters for regular updates on CIO news, views and events. Join us on Facebook. Related content brandpost Sponsored by Freshworks When your AI chatbots mess up AI ‘hallucinations’ present significant business risks, but new types of guardrails can keep them from doing serious damage By Paul Gillin Dec 08, 2023 4 mins Generative AI brandpost Sponsored by Dell New research: How IT leaders drive business benefits by accelerating device refresh strategies Security leaders have particular concerns that older devices are more vulnerable to increasingly sophisticated cyber attacks. By Laura McEwan Dec 08, 2023 3 mins Infrastructure Management case study Toyota transforms IT service desk with gen AI To help promote insourcing and quality control, Toyota Motor North America is leveraging generative AI for HR and IT service desk requests. By Thor Olavsrud Dec 08, 2023 7 mins Employee Experience Generative AI ICT Partners feature CSM certification: Costs, requirements, and all you need to know The Certified ScrumMaster (CSM) certification sets the standard for establishing Scrum theory, developing practical applications and rules, and leading teams and stakeholders through the development process. By Moira Alexander Dec 08, 2023 8 mins Certifications IT Skills Project Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe