Originally posted on 13 Dec 2013
The Government is stepping up its interest in cybersecurity and professional firms are being advised to start tackling the issue head-on.
A unique combination of factors arguably makes professional firms, including legal and accounting practices, the perfect target for a cyberattack. First, these firms hold valuable client information – much of which could be of enormous value to cybercriminals and which, in the wrong hands, could do enormous damage. And second, professional firms tend to fall short of organisations in other industries when it comes to having the appropriate level of cyberdefences in place. In other words, we have an obvious target that is poorly defended. It’s the perfect storm.
This week’s announcement that accountants could be joining with lawyers to form Alternative Business Structures (ABSs) could motivate “cybervillains” to attack unwary professional firms.
Recent developments in cybersecurity mean that now is the perfect time for professional firms to either revisit their existing strategies or create entirely new ones.
Launch of “Guiding Principles”
As part of the UK’s Cyber Security Strategy, the UK internet industry and Government have recognised the need to co-develop a series of “Guiding Principles” to improve online security and defend business and individuals against cyberattacks.
The National Security Strategy classed cybersecurity as one of the UK’s top priorities alongside international terrorism, international military crises and natural disasters.
The cybersecurity statistics speak for themselves and explain why this is rapidly moving up the agenda for most organisations:
• 93% of large corporations and 87% of small businesses reported a cyberbreach in the past year.
• On average, over 33,000 malicious emails are blocked at the Gateway to the Government Secure Intranet (GSI) every month. These are likely to contain – or link to – sophisticated malware. A far greater number of malicious but less sophisticated emails and spam are blocked each month.
• The cost of a cybersecurity breach is estimated at between £450,000 and £850,000 for large businesses and between £35,000 and £65,000 for smaller ones.
What are the Guiding Principles about?
The Guiding Principles are designed to build on, and complement, existing sources of internet safety advice and guidance, for both businesses and consumers. They are designed to “learn” from similar initiatives that have been developed overseas. And they will sit alongside separate initiatives, for example those in relation to the protection of children online.
They cover the following three areas:
• Section 1: ISPs’ activities to help their customers protect themselves from cyber threats.
• Section 2: Government activities to help protect consumers and businesses from cyber threats.
• Section 3: Government and ISP activities in partnership to help protect consumers and businesses from cyber threats.
The Guiding Principles are just another example of a general shift towards increased cyberregulation, both in the UK and overseas. “Cybersecurity” is fast moving from being the buzzword of the day to a real-life, real-world concern that needs to be addressed. My team and I predict that this trend will continue well into 2014 and beyond, ramping up the legal, regulatory and commercial pressure on firms to step up and tackle “the cybersecurity problem”. Indeed, we expect clients to add another question to their list when they seek out a professional firm: “Can you tell me about your cybersecurity practices?”
Stepping up and tackling “the cybersecurity problem”
Many are predicting that a law firm or accountancy practice could actually be taken out by a cyberattack. Apart from the disastrous effect of such an attack on a professional firm’s reputation, the possibility of uninsured negligence claims looms large on the list of issues that partners are becoming concerned about.
In the coming weeks, my organisation, Bizezia, plans to launch a set of cybersecurity tools, tailored specifically for professional firms, because we believe that now is the time for our sector to step up and tackle the cybersecurity problem head-on. Bizezia’s understanding of the demands of running a professional firm means that we are uniquely well-placed to support our clients as they navigate these challenges. Our goal is and always has been to make business easier. Our approach to cybersecurity will be no different.
If you would like to hear more, please do not hesitate to contact us. We’d love to hear from you.