- Our Work
- The Reformer Blog
10 June 2015
Modern technology presents organisations with a wealth of opportunities. In 2013, Cisco estimated that the Internet of Everything – that is, the networked connection of people, process, data and things – could generate as much as $4.6 trillion in value for the public sector and $14.4 trillion for the private sector worldwide. However the flipside of this vast potential are the risks posed by cybercriminals; as interconnectivity grows, the task of securing data and connections becomes ever more complex, while the failure to do so becomes ever more damaging. According to a survey by PwC, over the year 2013 information security breaches grew by 48 per cent reaching 42.8 million globally in 2014. Of European government agencies just 21 per cent surveyed experienced no breaches in 2014.
Recent news from the United States on security breaches of the Office of Personnel Management, the Internal Revenue Service as well as police forces highlight the impact on a wide range of public institutions, as well as the varied nature of cyber threats. Cyber breaches may happen at the behest of foreign governments or be attempts at extracting ransom payments for stolen data. Cyber threats can also arise from within an organisation – through careless actions or even malicious intent on part of employees. Consequently, organisations in the public as well as the private sector must address cyber threats not merely as an IT issue but as a major operational risk.
Cyber resilience means security against breaches as well as limiting the damage from breaches when they happen. Encryption can play a key role in the latter, leaving data unusable to successful hackers. More widely, organisations must consider everything from working processes and practices to technology and software. Encouragingly, proactive management of information security can help an organisation innovate and grow.
Just as the brave new world of technology offers new opportunities of crime, it also enables law enforcement to pursue criminals. Comprehensive threat intelligence, allied to sophisticated analytics, can be exploited to identify crime patterns and cybercriminals. Such an effective response, however, requires public or private sector organisations to cooperate with law enforcement and law enforcement to cooperate across boundaries – local, national and international. Moreover, it requires law enforcement to put in place comprehensive cybercrime strategies, including addressing the need for police staff training. According to HMIC just two per cent of police staff have so far undertaken relevant training, despite this being a growing focus for forces.
Information security is one of the key challenges facing public and private organisations today. Unless the public sector and businesses have security practices in place that foster trust among consumers and the wider public, the vast potential value from technological developments cannot be realised.
These themes will be discussed at Reform’s major post-Election conference Cyber security: assurance, resilience, response on 16 July 2015 held in partnership with KPMG and BT.
Camilla Hagelund, Senior Researcher, Reform