FUTURE TALENT November - January 2019/2020 | Page 46

DEVELOPING
CYBER
RESILIENCE
O
ON TOPIC
“T
here are two types of
company: those that have
been hacked and those
who don’t yet know they
have been hacked,” warned John
Chambers, former CEO of Cisco.
Cyber attacks – defined as “the
deliberate exploitation of computer
systems, technology-dependent
enterprises and networks” – are an
unfortunate side effect of our growing
reliance on technology. Increasing in
frequency and sophistication (and
fuelling a cyber-crime economy worth
$1.5trn), they have already claimed
some high-profile scalps.
In 2017, the global WannaCry
ransomware campaign crippled the
NHS, locking users out of 200,000
computers across 150 countries, with
error messages demanding the
cryptocurrency Bitcoin. Thought to
have been masterminded by North
Korea, the hack caused more than
46 // Future Talent
19,000 patient appointments to be
cancelled and cost the NHS £92m,
including the subsequent  clean-up
and upgrades to its IT systems.
Other memorable casualties
include telecoms provider TalkTalk,
which lost £60m and 101,000
customers in 2015 when hackers
gained access to the personal details
of more than 156,000 people. Only this
summer, British Airways was issued a
record fine of £183m by the Information
Commissioner’s Office after an attack
on its website in September 2018 led
to a data breach, compromising the
details of 500,000 customers. This
equates to around 1.5% of BA’s £11.6bn
worldwide turnover last year.
According to the government’s
Cyber Security Breaches Survey 2019,
32% of all UK businesses have
experienced some form of cyber
attack – but the issue is unquestionably
global (and growing).
T
he impact of cyber attacks
can be devastating. Cyber
security researchers from
the University of Kent have
identified at least 57 different ways in
which cyber attacks can have a
negative impact on individuals,
businesses and even nations, ranging
from disruption to daily activities to
depression, threats to life and heavy
regulatory fines.
In the EU, including the UK, 2018’s
introduction of the General Data
Protection Regulation (GDPR) has
u p p e d t h e f i n a n c i a l s t a ke s
considerably, with firms involved in a
data breach facing fines of €20m or
4% of their total global turnover – and
that’s before the wider damage from
lost customers and reputation is
considered (see box, p48).
All this makes cyber security a
business-critical, board-level issue
with a core role for HR. When it comes