FUTURE TALENT November - January 2019/2020 | Page 46

DEVELOPING CYBER RESILIENCE O ON TOPIC “T here are two types of company: those that have been hacked and those who don’t yet know they have been hacked,” warned John Chambers, former CEO of Cisco. Cyber attacks – defined as “the deliberate exploitation of computer systems, technology-dependent enterprises and networks” – are an unfortunate side effect of our growing reliance on technology. Increasing in frequency and sophistication (and fuelling a cyber-crime economy worth $1.5trn), they have already claimed some high-profile scalps. In 2017, the global WannaCry ransomware campaign crippled the NHS, locking users out of 200,000 computers across 150 countries, with error messages demanding the cryptocurrency Bitcoin. Thought to have been masterminded by North Korea, the hack caused more than 46 // Future Talent 19,000 patient appointments to be cancelled and cost the NHS £92m, including the subsequent  clean-up and upgrades to its IT systems. Other memorable casualties include telecoms provider TalkTalk, which lost £60m and 101,000 customers in 2015 when hackers gained access to the personal details of more than 156,000 people. Only this summer, British Airways was issued a record fine of £183m by the Information Commissioner’s Office after an attack on its website in September 2018 led to a data breach, compromising the details of 500,000 customers. This equates to around 1.5% of BA’s £11.6bn worldwide turnover last year. According to the government’s Cyber Security Breaches Survey 2019, 32% of all UK businesses have experienced some form of cyber attack – but the issue is unquestionably global (and growing). T he impact of cyber attacks can be devastating. Cyber security researchers from the University of Kent have identified at least 57 different ways in which cyber attacks can have a negative impact on individuals, businesses and even nations, ranging from disruption to daily activities to depression, threats to life and heavy regulatory fines. In the EU, including the UK, 2018’s introduction of the General Data Protection Regulation (GDPR) has u p p e d t h e f i n a n c i a l s t a ke s considerably, with firms involved in a data breach facing fines of €20m or 4% of their total global turnover – and that’s before the wider damage from lost customers and reputation is considered (see box, p48). All this makes cyber security a business-critical, board-level issue with a core role for HR. When it comes