1 . Everyone is waiting for 25th May

“ This is the day that the General Data Protection Regulation ( GDPR ) comes into force . Most firms have taken time to understand what GDPR may mean for them , and in many cases have reviewed ( or even partially disposed of ) their holdings of personal data . It is far harder to predict quite how sanctions under GDPR will be applied by the various regulators . We can expect a few high-profile examples to be made early on , but perhaps not the tsunami some expect . Nevertheless , privacy rights are on the agenda .

2 . Criminals will hunt out the weak points

“ Organised crime groups will be increasingly creative on monetising stolen information and accessing systems . We can expect more attempts to initiate fraudulent payment transactions ( often with social engineering elements ), as well as ongoing interest in our core financial infrastructure including payment and trading platform gateways .

3 . Governments will continue to block and tackle cybercrime

“ As criminals industrialise cyber-attacks using crime as a service model to rent attack tools and ransomware , governments are increasingly looking for ways to disrupt the infrastructure used by criminals . Closer links with telcos and service providers are being built along with the operational processes needs to block sites hosting malware , detect and counter phishing attacks . Community measures linked to improved intelligence sharing will start to make a difference .”

Security can no longer engage at the end of development cycles

4 . A new model of cyber security will emerge

“ As firms invest more in cloud computing , a new model for cyber security is emerging . Increasingly , firms can look to cloud providers to embed good IT security , but firms still own the problem of setting their requirements and determining just who can access what . Security can no longer engage at the end of development cycles , and if it does , it risks being seen as a blocker rather than an enabler .”

5 . Automation of controls and compliance will be the order of the day

“ Firms are coming under pressure to contain their burgeoning cyber security budgets . Manpower intensive compliance processes are beginning to give way to continuous testing and controls monitoring , helping firms build a more accurate picture of their IT estate – helping the CIO as well as the CISO . The growing demand for supply chain security and third-party assurance will also lead to a burgeoning industry of testing firms offering risk scoring and testing services for those third parties .”

6 . Digital channels will demand customer centric security

“ Digital channels are becoming more and more sophisticated demanding new consumer identity and access management approaches , dynamic transaction risk scoring and fraud controls , and an emphasis on usable non-intrusive security measures which don ’ t impact the consumer ’ s experience . Open Banking and the arrival of Payment Services Directive 2 will drive richer interactions between a new ecosystem of payment service providers and the banks who handle our money .

7 . The internet of insecure things continues

“ Criminal groups continue to exploit insecure ‘ internet of things ’ devices as sources of attack traffic for denial of service attacks , leading to more and more extortion attacks but also an increasingly sophisticated response from the international community involving telcos , content delivery networks and Distributed Denial of Service ( DDoS ) mitigation firms . Unfortunately , this response won ’ t be consistent globally , and many nations may find themselves vulnerable to these attacks which will cause major disruption in 2018 .”

8 . The shadow of state activity lengthens

“ As countries invest to develop their cyber espionage and offensive capabilities , we will see more signs of their activities . Disclosures of high end techniques used by nations will continue , fuelling the opportunistic re-purposing of these vulnerabilities by less

sophisticated states and organised crime groups . Expect more evidence of industrial control system attack tools being tested as states explore the potential of this new form of warfare .”

9 . Resilience and speed matters

“ Regulators are focussing on resilience – the ability of an organisation to anticipate , absorb and adapt to disruptive events – whether cyber-attack , technology failure , physical events or collapse of a key supplier . Exercises and playbooks are in fashion as firms try to build the muscle memory they need to respond to a cyber-attack quickly and confidently , while cyber insurance is finding its place not just as a means of cost reimbursement but as a channel for access to specialist support in a crisis .”

KPMG is a global network of professional firms providing audit , tax , and advisory services .

Research from the Federation of Small Businesses has shown that the impact of late payments on SME ’ s and the self-employed is crushing . The research has shown that the issue causes more than 35 % of small businesses to run into cashflow difficulties

while more than 30 % have been forced to use their overdraft facilities .

At the more extreme end of situations , cashflow issues can and do cause businesses to fail . The FSB estimates that this single issue has caused more than 50,000 businesses to close annually .

Despite most small businesses being savvy about cashflow , the majority of late payments ( 84 %) to small businesses and the self-employed are more than two weeks late , with an average delay of about six weeks . It ’ s worth being aware that large businesses

are the most likely to pay late – 61 % of late payments are from large , private firms .

Regency Factors , one of the UK ’ s oldest and most established independent invoice finance companies , has found that late payments have caused its

able to support clients through hard times

clients to use its facilities on an increasing basis .

A spokesperson said : “ We have been able to support

clients through hard times , allowing them to concentrate on their business , not just their cashflow as clients know that they will receive payments for their invoices immediately , allowing growth .”

www . regencyfactors . co . uk