The document discusses the challenges of cybersecurity in today's data-driven age. It notes that the rapid growth of technology and data has created significant challenges for data security and regulatory compliance. Additionally, as organizations adopt more sophisticated digital business models, the board's need for assurance around data access and security increases. The document outlines some of the key challenges in combating cybercrime, such as consumers and SMEs not fully comprehending the threat or how to defend against it. It also notes that increased regulation around data protection and privacy adds further complexity, highlighting the importance of transparency and education.

1. THE FUTURE OF CYBERSECURITY

2. Wilton & Bain and Kaspersky Lab were
delighted to host a lively, informative and
convivial evening to discuss the challenges of
Cybersecurity in today’s data age. We were
joined by Paul Johnson CIO at Aldermore,
one of the UK’s foremost challenger bank
success stories, who provided an insight into
the challenges faced by industry.
“Cyber threats are a
plague that respect no
national boundary,
corporate or institutional
fortress or any definition
of privacy”
Piers Marmion, Chairman,
Wilton & Bain.

3. Paul confirmed that the rapid evolution of technology over the
decades, and the exponential explosion in the quantity of data
generated, shared and stored, has created significant challenges for
data security and given rise to onerous regulatory requirements. The
juxtaposition of managing this risk, while striving for agility and
innovation, is a modern day organisational challenge.
As organisations mature from basic e-commerce offerings to more
sophisticated digital business models, and ultimately the advent of
robotics, the Board’s need for assurance around access control and
data security grows. In order to move along the digital maturity
curve, securing revenue streams and differentiation through digital
channels will require an aggregation of services, which do not
typically reside within traditional business models.
Risk vs. Agility

4. The amorphic nature of malware and ransomware-
some random, some targeted, some highly
sophisticated, andsome crude, require constant defence.
The need to understand where your data is coming from
and going to requires wider assets than most internal
organisational resource can provide.
Staying secure will necessarily require expert assistance
best delivered through trusted partners. The strategic
role of the CIO must ascertain what services and
expertise are required in order to balance the security
risk without destroying innovation.
The Role of the CIO

5. Sergei Novikov, Head of R&D at Kaspersky Labs reiterated that the
threat landscape is becoming more pervasive and sophisticated. Both
the number, and complexity, of incidents for individuals and
enterprises is growing, not least with the increase in the use of
personal devices and cloud services, which are easier to infiltrate. The
targeting of cyber attacks is also becoming more sophisticated as high
profile attacks on critical infrastructure are more commonplace.
However, the exact scale of the problem is difficult to quantify as
many attacks go unreported for fear of reputational damage. One
estimate suggests the annual cost of cybercrime could be as high as
US$575bn (McAfee, 2014).
The Cost of Cybercrime

6. There are a couple of key challenges in combatting cybercrime.
Firstly, consumers and some enterprises, particularly SMEs, do not
fully comprehend the nature of the threat and therefore how to defend
themselves appropriately. Secondly, there is a global shortage of
cybersecurity expertise to fight against malware players who are
increasingly sharing their products to extend their reach.
The first step must be education and raising awareness levels. For
organisations, the weakest point will always be the employees.
Policies need to be dynamic and constantly communicated. CIOs have
a responsibility to own and mitigate the risk by implementing the best
available technologies and solutions,. This is no substitute for driving
a culture which behaves in an informed, cyber-secure way.
The Challenges - Awareness

7. The challenge of increased regulation around how businesses are
allowed to handle personal data (GDPR) elicited interesting debate
on the topic of who actually owns personal data, an issue made more
complex by the adoption of IoT. How an organisation handles
personal data is an intrinsic element of the relationship between a
company and its customers. Transparency is key to building trust
with consumers.
Younger generations don’t seem to show any particular concern for
who sees their personal data and have a similar disregard for
protection. This provides easier access for cybercriminals and
weakens the entire data ecosystem. Conversely older generations can
be ostracised from goods and services through a lack of
understanding of technology, and over-concern over the use of their
personal data. Again, education and awareness is paramount to
building a common sense based pragmatic and secure approach.
The Challenges - Regulation

8. Similarly, GDPR will undoubtedly impact how organisations develop
new products and services. Regulations that are designed to keep
consumers’ data ‘safe’ can hamper the development of innovative,
tailored offerings, thus diminishing commercial return. Striking the
balance between managing risk and encouraging innovation is a key
management challenge in data driven economies.
In summary, the digital age has given rise to a new style of invisible
criminal. The first line of defence is around education and awareness
of the risk, particularly informing customers and employees of safe
practice. Regulation around data protection is prevalent, but the
application of appropriate safeguards ultimately sits with those who
are manipulating and storing data. It rests with the CIO to be
accountable for the risk, and build a secure data environment,subject
to constant review. One thing is for sure, cybersecurity will remain the
foremost 21st century risk for the foreseeable future.
Summary
© Wilton & Bain 2016

9. The Wilton & Bain Group is a global leadership
advisory boutique which provides executive search,
interim management, management consulting and
recruitment services.
As a challenger brand, we have been a forerunner
in this market for over 15 years, working alongside
some of the world’s leading companies.
We specialise in the Information Technology, HR,
Media, Professional Services and Financial
Services Industries, delivering outstanding
leadership teams for the most innovative
companies globally.
As a result the company has achieved exceptional
growth over recent years and in 2013 were
recognised in the Sunday Times fast-track 100 as
the 67th fastest growing company headquartered
in the UK.
© Copyright of The Wilton & Bain Group 2016