In 2017, cyber security cost Scotland more than £7 million. In one year, businesses and organisations as wide ranging as football clubs and health trusts, were targeted by hackers. Personal information was stolen, individuals were blackmailed and profit margins were hit hard.
Sadly, two years on, little has changed. As more and more Scottish companies embrace technology as part of their growth strategies, online security threats have become more widespread and sophisticated.
In an attempt to capture a true picture of the view on cyber security, KPMG, working alongside Harvey Nash, questioned more than 3,600 IT leaders internationally. It might not come as a surprise to learn that three quarters told us they feel vulnerable to online threats. Meanwhile, one third has already experienced a major attack in the last two years.
The 2019 Harvey Nash/KPMG CIO Survey findings highlight the global scale of the problem, but that doesn’t mean businesses here in Scotland should admit defeat and leave their fate to chance. Pre-emptive actions can and should be taken.
In response to our survey, almost two-thirds of organisations told us they now allow ‘business-managed IT’ spend. On the one hand, it’s positive to see how many companies are placing technology at the heart of their business, but an increasing move away from central IT team involvement, creates even more privacy and security risk.
Despite those concerning figures, there are some reasons for optimism, a staggering 90% of all the businesses we interviewed told us they felt they could do more and be better at tackling cyber security and online threats. There is a growing recognition within the board room that this is a problem that isn’t going away anytime soon.
The advice for Scotland’s business community is simple – carry out an extensive audit of your business resilience, identifying any weak spots and vulnerabilities, seek support from outside experts who can provide you with an unbiased, forensic examination of the challenges you face, and offer guidance on what proactive measures you can take, and – above all else – invest. Cutting corners is no longer an option. The cyber security threat is, sadly, here to stay.
Neil Coutts Leads the Cyber and Technology Risk capability in Scotland for KPMG..