The excerpts from Accenture report “Securing the Digital Economy,” states that businesses are increasingly becoming more dependent on the digital economy and the internet for growth.
A decade ago, less than one in four companies relied on the internet for their business operations. And now, for nearly 90% of businesses, a trustworthy digital economy is critical to their organisation’s future growth. But the growing need for digital innovation is also exposing organisations and individuals to new challenges.
As the number of cyber-attacks increase, and take more time to resolve, the cost of overcoming cybercrime continues to rise. In the last year, we have observed many stealthy, sophisticated, and targeted cyber-attacks against public and private sector organisations. Combined with the expanding threat landscape, organisations are faced with a steady rise in the number of security breaches—from 130 in 2017 to 145 this year (see Figure 1).
500 million consumers, dating back to 2014, had their information compromised in the Marriott-Starwood data breach made public in 2018. (Marriott). In 2017, the Equifax Breach affected 147.9 million consumers.
The cost to companies?
Alongside the growing number of security breaches, the total cost of cybercrime for each company increased from US$11.7 million in 2017 to a new high of US$13.0 million in 2020 — a rise of 12 percent. Our detailed analysis shows that Banking and Utilities industries continue to have the highest cost of cybercrime across our sample with an increase of 11 percent and 16 percent, respectively.
Marriott-Starwood data breach did cost the company $28 million. The Equifax breach made the company loose over $4 billion. Consolidating these findings across industries globally, we found that the total value at risk from cybercrime is US$5.2 trillion over the next five years.
What kind of Attacks?
Whether by accident or intent, many employees are often the root cause of successful cyber-attacks. Executives polled in the Accenture 2018 State of Cyber Resilience survey identified the accidental publication of confidential information by employees and insider attacks as having the greatest impact, second only to hacker attacks in successfully breaching their organizations.7
Cyber criminals are adapting their attack methods. They are using the human layer—the weakest link—as a path to attacks, through increased phishing and malicious insiders.
Phishing and social engineering attacks are now experienced by 85 percent of organization, which is a concern when people continue to be a weak link in cyber security defense.
Phishing is a cyber-attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.
What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It's one of the oldest types of cyber-attacks, dating back to the 1990s, and it's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.