Teijo Peltoniemi, Senior Manager, Digital, KPMG in the Channel Islands, says cyber security is more of a behavioural issue than a technological one.
In the Channel Islands, we ought to know what trust is. Almost 50% of our GVA benefits directly or indirectly from trust business, and barely a day goes by without mentioning the word.
But it has a much deeper meaning for the island's clients. Trust is essentially an emotional concept, which has a significant role in facilitating business transactions. Trust generates social capital that is an invaluable asset not only in our local industry, but in all other sectors. Without trust there would be no business. The States of Jersey's recently-released cyber security strategy consultation reflects this understanding.
Trust is built around sentimental and subjective factors, rather than logical and rational facts. All too often we see trust perception based on logos and office appearance, rather than technical certifications. It is however, technology or the use of technology by people, that can erode trust, ultimately causing it to disappear. As several financial service providers have learnt the hard way, leaking your customers' data seldom helps your brand.
Cyber threats today constitute one of the top risks in business. One serious example is the threat posed to trust. Cyber resilience must be a shared effort and objective. The launch of Jersey's cyber security strategy is a much welcomed development, as co-ordinated actions are urgently needed across the island. Greater pooling of information is required to ensure threat information is shared, helping us all to protect one another and our Jersey plc brand, as well as building trust between local businesses.
Threat intelligence is a critical element in managing cyber threats - currently there is no channel to share this information in Jersey. While threat sharing may be a voluntary mechanism, many jurisdictions are introducing regulations, which will enforce manditory reporting. Transparency is a cornerstone of trust, and such sharing will also help us to effectively combat more cyber criminals and their nefarious plots.
Local telecom operators play a potentially active role in cyber security, as they theoretically have the right to detach malicious endpoints from the network - in other words - pull the plug. Clean networks can always form a strand of competitive advantage for the island, particularly given how well we are served by such providers.
It should be understood that the responsibility for cyber security cannot be outsourced to the government or any other external party.
Governments can facilitate, stimulate and mandate certain matters, Bur ultimately; organisatiions, individuals and families must be accountable for protecting their assets against cyber threats. It's important to remember that cyber security is predominently about actions and behaviour, not technology.
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.