New BT and KPMG report warns of emerging threats from profit-orientated and highly organised cyber-criminal enterprises
Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals. The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG.
The report, Taking the Offensive – Working together to disrupt digital crime finds that, while 94 per cent of IT decision makers are aware that criminal entrepreneurs are blackmailing and bribing employees to gain access to organisations, roughly half (47 per cent) admit that they don’t have a strategy in place to prevent it.
The report also finds that 97 per cent of respondents experienced a cyber-attack, with half of them reporting an increase in the last two years. At the same time, 91% of respondents believe they face obstacles in defending against digital attack, with many citing regulatory obstacles, and 44% being concerned about the dependence on third parties for aspects of their response.
Mark Hughes, CEO Security, BT, said: “The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft. The twenty-first century cyber criminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market.”
“With cyber-crime continuing to escalate, a new approach to digital risk is needed – and that means putting yourself in the shoes of attackers. Businesses need to not only defend against cyber-attacks, but also disrupt the criminal organisations that launch those attacks. They should certainly work closer with law enforcement as well as partners in the cyber security marketplace."
Paul Taylor, UK Head of Cyber Security, KPMG said: “It’s time to think differently about cyber risk – ditching the talk of hackers – and recognising that our businesses are being targeted by ruthless criminal entrepreneurs with business plans and extensive resources – intent on fraud, extortion or theft of hard won intellectual property.”
“Talking generically about cyber risk doesn’t deliver insight. You need to think about credible attack scenarios against your business and consider how cyber security, fraud control, and business resilience work together to prepare for, and deal with those threats. If that’s done, then cyber security can become a mainstream corporate strategy as a vital component of doing business in the digital world.”
The BT-KPMG report shows that Chief Digital Risk Officers (CDROs) are now being appointed to hold strategic roles which combine digital expertise with high-level management skills. With 26 per cent of respondents confirming that a CDRO has already been appointed, the report’s data suggests that the security role and accountability for it is being re-examined.
The research also flags the need for budgets to be adjusted, with 60 per cent of decision makers reporting that their organisation’s cyber security is currently financed by the central IT budget while half of those (50 per cent) think it should come from a separate security budget. One major challenge identified by the report is the funding and scale of R&D spending that the criminals can bring to bear on breaching the defences of target companies.
The “Taking the Offensive – Working together to disrupt digital crime” extensively quotes a number of security directors of well-known global organisations and lists examples of the many forms of criminal attacks encountered by global organisations, including various types of malware or phishing attacks. It also describes the business models favoured by the criminals and the black market behind them, whether they carry out high-end targeted assaults on the finance system or regular attacks on businesses and high net worth individuals, or even the commoditised attacks affecting all of us.
The conclusions of the research point to the need to change mindset and to regard security not simply as a defence exercise. It is, in fact, the enabler that facilitates digital innovation and ultimately drives profit.
BT and KPMG are now engaging with large organisations around the world to debate the learning points of their joint research and advise on the changes that need to be undertaken.
Notes to Editors
The findings and recommendations in the “Taking the Offensive – Disrupting Cyber Crime” report are drawn from interviews conducted in partnership with Vanson Bourne with directors responsible for IT, resilience and business operations at major companies in the US, the UK, Singapore, India and Australia.
BT’s purpose is to use the power of communications to make a better world. It is one of the world’s leading providers of communications services and solutions, serving customers in 180 countries. Its principal activities include the provision of networked IT services globally; local, national and international telecommunications services to its customers for use at home, at work and on the move; broadband, TV and internet products and services; and converged fixed-mobile products and services. With effect from 1 April 2016, the group has been reorganised and the customer-facing lines of business are now: Global Services, Business and Public Sector, Consumer, EE, Wholesale and Ventures, and Openreach.
For the year ended 31 March 2016, BT Group’s reported revenue was £19,042m with reported profit before taxation of £3,029m.
British Telecommunications plc (BT) is a wholly-owned subsidiary of BT Group plc and encompasses virtually all businesses and assets of the BT Group. BT Group plc is listed on stock exchanges in London and New York.
For more information, visit www.btplc.com
KPMG LLP, a UK limited liability partnership, operates from 22 offices across the UK with approximately 12,000 partners and staff. The UK firm recorded a revenue of £1.96 billion in the year ended September 2015. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 155 countries and has 174,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.