Key Takeaways:
- 89% of senior leaders claim that major cybersecurity breaches have made them more alert to potential cyber threats
- 10% of organizations admit they would likely not survive a similar incident
- The average uptime of critical business services across UK organizations is only 73%
- 70% of business leaders are more wary of video involving senior colleagues or their boss due to deepfakes
- The UK government has introduced a second Fraud Sector Charter for telecommunications to combat online fraud and cybercrime
Introduction to Cybersecurity Threats
Major cybersecurity breaches at UK retailers and carmakers last year have raised awareness of online threats among senior executives. However, many warn that they may go out of business if hit by similar incidents. To better understand the attitudes of senior leaders towards cyber risk, Vodafone Business polled 1000 executives across businesses of all sizes. The results show that 89% of respondents claim that big-name breaches, such as those at M&S and Jaguar Land Rover, have made them more alert to the potential impact of cyber threats. Nevertheless, a worrying 10% admitted that their organization would likely not survive a similar incident.
The Cost of Cyber Attacks
The cost of cyber attacks can be devastating. The ransomware attacks on M&S and the Co-op Group are estimated to have cost up to £440m, with M&S alone potentially losing over £300m in losses after its online operations were knocked out for several months. Furthermore, a lengthy outage at JLR cost the UK economy an estimated £1.9bn, making it the most expensive attack of its kind ever recorded. These incidents highlight the importance of investing in cybersecurity measures to prevent such attacks and minimize their impact.
Cybersecurity Preparedness
Despite the increased awareness of cyber threats, many organizations are still poorly prepared for a serious incident. The Vodafone Business poll found that, on average, staff use their work passwords for up to 11 other personal accounts, including social media and dating sites, putting them at risk of credential stuffing. Less than half (45%) of respondents confirmed that staff have undergone basic cyber-awareness training. This lack of preparedness is concerning, especially considering the increasing sophistication of cyber threats, including AI-powered attacks.
The Impact of AI Threats
AI threats are making the job of corporate cybersecurity teams even harder. Around 70% of business leaders told Vodafone that deepfakes have made them more wary of video involving senior colleagues or their boss. Deepfakes can be used to trick employees into divulging sensitive information or performing certain actions, highlighting the need for increased vigilance and education. The use of AI-powered attacks is becoming more prevalent, and organizations must adapt their cybersecurity strategies to combat these emerging threats.
Policymakers’ Response
The UK government appears to be taking notice of the growing cybersecurity threat. A second Fraud Sector Charter for telecommunications was signed by the UK’s major telcos in November and will come into force later this year. The charter aims to eliminate number spoofing, introduce a "traceback" solution to track the origin of suspicious calls, and restore trust in SMS messages by introducing sender ID verification. Additionally, the government will improve threat sharing for AI-generated fraud like deepfake voice cloning and enhance victim support. This renewed focus from policymakers underscores the seriousness of the threat and the necessity of a united approach between industry and government to effectively tackle online fraud and cybercrime.
Conclusion
In conclusion, the threat of cybersecurity breaches is a pressing concern for organizations of all sizes. While awareness of cyber threats has increased, many organizations are still poorly prepared for a serious incident. The cost of cyber attacks can be devastating, and the use of AI-powered attacks is making the job of corporate cybersecurity teams even harder. The UK government’s introduction of a second Fraud Sector Charter for telecommunications is a step in the right direction, but more needs to be done to combat online fraud and cybercrime. Organizations must invest in cybersecurity measures, educate their staff, and adapt their strategies to combat emerging threats to minimize the risk of a devastating cyber attack.
