By Bernie Cahiles-Magkilat
Businesses should not overly rely on technology to fight cyber threats, rather they should focus on skills development of manpower to interpret risks and implement measures to prevent attacks.
According to data from the latest Grant Thornton International Business Report (IBR), the number one weakness in managing digital risks is an over reliance on software doing all the work.
Close to half — or 42 percent — of Filipino mid-sized businesses surveyed for the IBR reveal that they heavily depend on their software in managing digital risks, such as cyber security and data privacy. The rate is much higher than the ASEAN (28%) or global averages (32%).
Organizations have spent billions of dollars on technology that promises to keep cyber threats at bay. The Gartner Forecast for Information Security Worldwide claims that end-user spending for the information security market is estimated to grow at a compound annual growth rate of 8.5 percent between 2017 and 2022, reaching $170 billion.
It is encouraging that business leaders acknowledge this overdependence. But now companies must act by improving their employees’ awareness and specialist skills in cyber security.
However, this does not necessarily mean spending more money. In many cases, companies will be able to taper technology spending as they strengthen and invest in their business acumen, processes, and in-house skills.
“It is essential that businesses understand that investing in technology alone is not the only answer to reducing digital risk, and it will not protect them from losing customer trust should the worst happen,” said Ma. Victoria Españo, Chairperson and CEO, P&A Grant Thornton. “A key starting point for companies is understanding the type of business they are in, and the value they deliver to the customer,” she added. Once this is understood, companies will have a clearer idea of the potential impact a breach would have on that relationship, and can better work out how to mitigate this, through a range of measures. Internal governance, processes, and people are the other crucial ingredients here.
Businesses need to understand where they are vulnerable to cyber attacks and data protection breaches before investing in preventive software. This requires specialized skills that most cyber security functions do not have.
Businesses need cyber security and privacy-related skillsets to help map out their data and understand their regulatory requirements—particularly in a cloud environment. They also need cyber technology skills around the technologies they are using.
Understanding that there is more to managing digital risk than relying on technology is just the first step. Companies must then take a number of non-tech measure to protect themselves.
On a positive note, 63 percent of Filipino mid-sized businesses interviewed say that their organization has a process to review all digital risks, including cyber, data privacy, and disruption to operations. The response reflects the overall approach to digital risks in both ASEAN (66%) and global (67%).
Companies might be investing in sophisticated cybersecurity technology, but that would not necessarily prevent the human error that’s behind many cyber breaches. After all, it is the human workforce that responds to phishing emails and installs unauthorized software.