INSURANCE
Lee Elgie (pictured), managing director of the Teesside office of national insurance brokers Gallagher, reflects on the changing face of cyber-defence
The evolving cyber-risk landscape
PICTURE: CHRIS BOOTH
As technology continues to advance, the threat of cyber-attacks becomes increasingly prevalent. Investing in robust cyber-defence measures can help organisations protect their sensitive data and systems.
Certain sectors, such as finance, healthcare and government, are particularly susceptible to cyber-attacks because of the sensitive data they hold. In August 2020, the cyber-attack on Redcar and Cleveland Council’s website, resulting in more than £10m in damages, vividly highlighted this vulnerability (1).
Industries facing stringent regulations, like this one, must invest significantly in cybersecurity. Additionally, organisations with a high-risk profile, such as those with a history of cyber incidents or operating in politically sensitive regions, may need to allocate more resources to their cyber-defence.
The size and complexity of an organisation’s IT infrastructure are significant factors in determining its expenditure on cyber-defence. Larger organisations, with extensive networks, multiple locations and numerous endpoints, require more comprehensive security measures.
However, heightened investment doesn’t grant immunity to cyber threats. In February 2022, the KP Snacks factory in Billingham suffered a ransomware incident, leading to significant disruption and requiring staff to remain at home until resolved (2).
This emphasises the necessity for all organisations, regardless of size, to stay alert and consistently fortify their cyber defences. With infrastructure complexity on the rise, investing in essential security solutions like firewalls, intrusion detection systems, and endpoint protection tools is vital.
98 | Tees Business
The evolving cyber-threat landscape is another critical factor in determining an organisation’s cyber-defence spend. Cybercriminals are constantly developing new techniques and exploiting vulnerabilities, making it essential for organisations to stay ahead of the curve. Investing in threat intelligence services, security assessments and regular penetration testing helps identify potential weaknesses and enables proactive defence measures.
Compliance with industry-specific regulations and legal requirements is also a driver for cyber-defence spend. Organisations must adhere to various data protection laws, such as the General Data Protection Regulation (GDPR) in the European Union or the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare sector. Failure to comply with these regulations can result in severe financial penalties and reputational damage. Therefore, organisations must allocate resources to ensure they meet the necessary security standards and maintain compliance.
According to the government’s Cyber Security Breaches Survey 2024 (3), many organisations have continued to invest either the same amount or more in cybersecurity over the last 12 months, despite the challenging economic conditions. Among the reasons for this is the perceived uptick in the number of cyber-attacks and their increasing sophistication.
While every organisation is operating largely in the same threat landscape, their specific vulnerabilities may differ, largely due to the different influences on spend mentioned above. Therefore, it is important to conduct a thorough risk assessment to identify these vulnerabilities and prioritise cybersecurity investments accordingly.
Once an organisation’s key risks are identified, they will inform decisions around how the business strengthens its cyber-defences, as well as where investment may be required in response to a cyber-attack. For example, if gaps are identified in an organisation’s digital armour, sufficient focus should be placed on strengthening cybersecurity measures such as vulnerability scanning, penetration testing and endpoint protection tools.
Similarly, if incident response and recovery capabilities no longer reflect today’s cyber landscape and the potential fallout from an attack or data breach, businesses may need to focus their efforts on sharpening their response planning. This can involve incident response training, incident management systems and data recovery solutions to minimise downtime and ensure business continuity.
Gallagher works with businesses across the UK in a range of industries to help protect them from cyber-threats and manage their individual risks appropriately. Our team supports businesses with a range of cyber risk management services, including our Cyber Defence Centre, which allows clients to take a proactive approach to managing cyber risks.
Regardless of how businesses choose to budget for cyber-defence spending, it should not be seen as a one-time investment or even a once-a-year tick box. It is vital that businesses continuously update their defences to stay ahead and treat cyber risk management as an ongoing commitment, requiring year-round consideration and resources.
Sources:
1. Redcar cyber-attack ‘cost council £10.4m’ - BBC News.
2. KP Snacks factory on Teesside hit by cyber-attack which may lead to shortages of popular crisps | ITV News Tyne Tees.
3. Cyber Security Breaches Survey 2024 - GOV.UK (www.gov.uk)