Cybersecurity in 2022 is an industry on a strong upward trajectory. The sector is projected to grow from strength to strength, with industry analysis suggesting a compound annual growth rate of 10.9% from 2021 to 2028. Yet, despite the huge levels of growth and investment, cyber-attacks remain rampant – and largely successful. Every minute, $2,900,000 is lost to cybercrime.
What can we do to foster a security culture that helps stop this? As with so many modern scenarios we find ourselves dealing with – climate change, income inequality, the battle against COVID-19 – it’s crucial to remember that no man is an island. We all need to collaborate. Whether a start-up or industry veteran, we all have similar missions, and working in silos serves no one.
For vendors, this means a consideration of the product ecosystem when developing your own technologies. We must develop our products and services in collaboration and use our collective commercial power as a direct means to influence and change the state of cybersecurity for small and medium-sized enterprises (SMEs). While this is something that can be counterintuitive to the perceived wisdom of how many businesses operate, rightly considering their bottom lines first, the larger battle against cybercrime should take precedence in this instance.
It’s not about short-term competition but growing a cybersecurity ecosystem that can secure all our futures.
Vendors are an important part of this drive towards a protected, connected future, but they cannot do it alone. Policymakers have a role to play too. The UK’s policymakers have made some positive steps in developing a cybersecurity policy that moves towards a position of resilience. For example, UK Research and Innovation’s Digital Security By Design challenge, which hopes to implement updated hardware architecture, develop the software and system development tools that will run on it and demonstrate this in at least two industry sectors. Yet, we can do more.
Initiatives such as this need to be expanded and nurtured, with a framework developed to enable fast-paced policy development and implementation to combat the ever-shifting sands of our battle against cyber-criminals.
"It's not about short-term competition but growing a cybersecurity ecosystem that can secure all our futures"
However, this cannot be done inside the Westminster bubble. It needs to be an inclusive initiative, drawing on the best and brightest in the world of academia and industry and placing SMEs at the center of the narrative.
SMEs face potentially devastating consequences in the event of a successful cyber-attack. While the largest enterprises and multinationals may weather a cyber storm, SMEs will often be less lucky. According to Hiscox, the average mean cost of a cybersecurity breach for a small business in 2019 was £11,000 – for hardware replacements and indirect factors such as business interruption. It is certainly enough to put a sizeable dent in the average SME’s armor.
The third piece of this puzzle comes from technical agencies. Cybersecurity is enough of a national concern in both the US and the UK that both countries set up dedicated government agencies – the Cybersecurity and Infrastructure Security Agency (CISA) in the US and the National Cyber Security Centre (NCSC) in the UK.
These technical agencies work tirelessly to ensure that security concerns are represented at the highest level and that practical advice for both consumers and businesses is provided in an accessible manner. However, cyber-attacks remain a scourge to businesses everywhere despite these valiant efforts. This implies that more still needs to be done.
It is imperative that technical agencies continue to promote and prioritize the technologies that are vital to cyber power, boosting its development by supporting inventions and their adoption. In addition to this, they need to promote a free, open, peaceful and secure cyber space by engaging society as early as possible, altering the awareness status quo of the general population.
We talk a lot about SMEs, but, in reality, these organizations comprise people. It is people who need to be placed at the center of any security policy developed.