It’s official, we’ve moved into darker and even more dangerous times when it comes to cybersecurity. As almost every single business has a digital arm these days, and happily takes advantage of the sales and engagement potential the internet has to offer, it means that businesses are more at risk to be infiltrated by, you guessed it, – cybercriminals.
According to research provided by new security testing platform Avord, a shocking 93% of UK businesses have seen an increase in the number of data breaches in the last five years.
– Even worse, some 96% of respondents included in their research said this was due to poor security testing, revealing a lack of knowledge about cyber-security processes within businesses themselves.
But cyber hacks are not only impacting the operational performance of companies internally, but they are also costing businesses their customer base, and their wider reputation.
Unfortunately, the repercussions for this go beyond remedying the effects of a hack. According to the folks at Avord, here are some of the ways a business can have their long-term financial health impacted by security breaches (if your company hasn’t experienced some of them already):
- Legal costs
- Loss of business contracts
- Loss of customers
- Fines by regulators
- Damage to reputation
- Trading disruption
Clearly, a security breach is something that businesses can do without, and whilst fines and legal costs are things companies can (hopefully) pay off and move on from, loss of customers and reputation damage are longer-term casualties that are harder to remedy.
– So, considering the prevalence of cyber security consultancy services, why are so many businesses continuing to suffer fatal breaches?
Security testing is expensive
According to Avord’s research, across the sectors, from healthcare, energy and finance, to retail and manufacturing, the collective cost of cybersecurity testing stands at an intimidating £6.6 billion pounds in the UK.
“SME businesses (some 95%) almost exclusively outsource the testing of security controls for its critical assets.” – Brian Harrison, Avord
Considering this massive cost, it’s understandable that some 77% of British businesses find these services too expensive.
What’s interesting is that this 77% pertains to the sentiments of businesses of ALL sizes, and not just smaller businesses with limited resources. Added to this, only 21% of UK businesses have in-house staff who can deal with security testing, (this figure is even smaller for SMEs at a dismal 1%).
A lack of knowledge permeates
Avord’s report also reveals a fundamental lack of understanding among businesses about when to test for breaches.
This includes some 71% of businesses being unsure about when they should be testing, with 64% revealing uncertainty about what sorts of tests they should be running.
So, considering the evident fears, frequency and costly effects of cyber attacks, and the lack of understanding around them, it’s no surprise that consultancy firms have taken advantage of this situation and are taking home the big bucks in the process.
Where the inspiration for Avord came from
So, it’s into this void of uneducated businesses and their over-reliance on costly consultancy services that Avord steps in:
“I’ve been in the information security business for 25 years and have worked across many global corporations from energy to banking,” says Avord’s founder and CEO, Brian Harrison. “I was responsible for dealing with breaches and hacks and it was from the frustrations I experienced during this time that made we want to build a new platform to deal with this issue more effectively,” he continues.
“So what are we doing to improve cybersecurity services for businesses? In short, we want to bring value, balance and disruption to this waterlogged sector,” he says.
Consultants are taking advantage
Whilst part of the blame for wide-scale cyber hacks rests on the culpability of hackers and their insatiable appetite for breaching the security walls of companies for profit, businesses could be doing more to protect themselves, but they have been put off doing so, but why?
The answer – overly costly and duplicitous security consultancies have dominated the cybersecurity market for too long, says Harrison.
These firms, he believes, have been doing ‘the work’ for businesses, instead of actually educating them about cybersecurity. Whilst this was initially seen as a saving grace for companies, the result is that companies are as uncertain, and as fearful about cyber breaches as ever.
– In fact, the domination and opportunism of consultancy firms in this space was something of a trigger for the founding of the company, who seek to cut out these ‘middlemen’ from the process entirely:
“It’s a vicious cycle: A majority of companies outsource their cybersecurity service, this means that there are few internal staff who have any solid understanding of dealing with cyber threats,” says Harrison.
“This means there are more breaches, as staff don’t know how to prevent or deal with them, which leads to more businesses outsourcing to third parties and consultants, leading to a culture of ignorance about cybersecurity, and ignorance can be dangerous,” he continues.
“Our goal is to get the price for assistance down, meaning that we can ‘up the security’ for as many businesses as possible across the UK”, says Harrison. – Well, I for one smell an impact business!
“We’re not about reactive information, we’re about offering proactive assistance.”
“It’s time we shook up this market, so we are able to give customers the efficiency they deserve. Many consultants charge big money, but only offer customers stock information and stock advice. They simply take advantage of customer ignorance on cybersecurity, and walk away with the profits,” he continues.
“Consultancies have had it too good for too long, it’s time for the cybersecurity market to get more competitive. Diversifying it will help customers get the services they need.”
Riding the waves of cyber hysteria since the rise of the internet, it’s clear that cybersecurity consultants have painted themselves as the only authoritative source in safeguarding cyber safety for companies.
Taking advantage of the seeming ‘lack of cybersecurity knowledge’ within companies, they are able to charge large amounts of money without their customers really understanding what services they are getting in exchange.
So, in this environment of consultancy related corruption and subterfuge, what does Avord promise customers instead?
How Avord works
- They give clients control over their cyber testing procedures
- Experts work alongside businesses to improve their security
- Delivered through an intuitive and online platform
- Gives customers live status updates
The start of a new era in cybersecurity
It’s clear that whilst digital business has become an increasingly popular and successful method of enterprise, efficient methods to regulate and keep these processes safe have not been found as easily.
This is embodied in a lack of awareness within companies about how to prevent, run tests against and stop cyber attacks, leading to an over-reliance on consultancy firms.
But, hopefully, the rise of companies like Avord can mark the start of businesses great, and small becoming empowered with anti-hacks knowledge, meaning they can grow and play safe in the digital world, for good.
Share this story