In 2020, cybersecurity is still not being taken seriously across companies in the UK and around the world. Why? It’s because there is a mindset amongst CEOs, directors and executives that IT is a cost centre. This is the presumption that IT does not make the company money and costs a lot to operate, so the company does not invest in it and spends money only on essential IT equipment (network switches, routers, computer screens, keyboards etc.).
Companies need to stop looking at their IT department as a cost centre and invest in it, in particular within the area of cybersecurity. Cyberattacks are increasing, and the consequences can be drastic for any organisation large or small. Below are a number of reasons as to why each company should invest in cybersecurity and why it is a necessity.
Every company that has clients deals with their personal data: address, phone number, bank details, age etc. This data must be kept private and secure because it is at risk of being abused and exploited if a successful cyberattack occurs. If a company that has not invested in a cybersecurity department suffers a successful attack, it is more than probable that its reputation will be at risk and future potential customers will be less likely to trust it. This can be fatal for a small company. Some attacks are so devastating that companies have no choice but to shut down temporarily and, in the worst-case scenario, permanently. In 2019, telemarketing firm The Heritage Company had no choice but to lay off 300 of its employees due to a cyberattack.
The General Data Protection Regulation (GDPR), enacted in 2018, was designed to modernise laws that protect the personal information of individuals. It is probably one of the most important laws enacted in the 21st century in relation to British law, and businesses that do not comply will be punished. Not handling customer data properly and safely can therefore lead to substantial fines that at times could cripple a company financially: companies can be fined up to €20m or 4% of their annual turnover for allowing any security breaches to compromise their customer data. This means that companies in the UK must make sure that they have adequate cybersecurity measures to comply with GDPR and, importantly, keep personal data safe.
Anyone is now a target on the internet
If you were a small company many years ago, you probably could have gotten away with not having a cybersecurity department. Cybercriminals were more likely to use their time and resources to target large businesses, as they had more money and resources. Recently, however, small companies have increasingly become a target for hackers, who know that they are less likely to invest in their IT departments due to cost. Experts argue that small businesses are now becoming cybercriminals’ favourite targets, which makes a reasonable amount of sense. A large company of high importance is very hard for a hacker to break into successfully, while a small company is easier. It can also reap huge financial rewards for a hacker: for example, if he successfully hacks into 10 separate small businesses within a month and drops ransomware, demanding £10,000 from each business, he could potentially make £100,000. A small business that refuses to pay could have all its data encrypted for life or even deleted. The Guardian mentions that one of the most dangerous phrases used by small businesses is: “It’ll never happen to us.” Agreed, because no matter how small a business you are, a cyberattack could happen to you if you don’t have adequate protections in place.
Investing in IT and cybersecurity should be thought of as one of the most important pillars in your business. Every single business needs cybersecurity for data protection, customer trust and ultimately the longevity of the business.
By Michael Ogunjimi