Johannesburg, 08 Nov 2016
Henry Peens, Associate Director: Risk Advisory Africa at Deloitte, says the immediate impacts of an attack are just the tip of the iceberg: the longer-term impacts can make up the bulk of the damage incurred by an organisation that is breached by cyber criminals.
In "Beneath the surface of a cyberattack: A deeper look at business impacts", Deloitte's cyber crime experts illustrate that the immediate cost and impact of a breach can account for less than 20% of the total damage caused. The majority of the damage emerges over the next three to five years as business value and customer relationships suffer.
"The extent of the long-term damage is only starting to come to light now, as we review the impact of high-profile breaches. Nonetheless, the C-suite around the world is increasingly concerned about cyber security, even though they don't yet understand the full impact cyber crime can have," says Peens. "Globally, cyber security has become a top five board priority."
Peens believes moves to quantify the impact of cyber crime, driven in part by a surge in cyber crime insurance, will help organisations weigh up the costs of mitigation against the losses that could potentially be suffered. "There is a great deal of interest in quantifying the damage caused by a cyber security breach, or even the damage sustained due to unforeseen downtime or a disaster."
"There is no question about it - everyone will get breached," he says. "But the extent of the damage will depend on a number of factors beyond the breach methods, what was compromised or how long the organisation was offline for."
Beyond the reactive incident triage phase, in which technology is restored and business disruptions are addressed, the remediation phase must look to impact management and business recovery: repairing damage to the business and preventing the occurrence of a similar event in the future. After an attack, costs include legal costs, increased insurance premiums, increased cost to raise debt, lost contracts and devaluation of trade name. In some high-profile cases, these losses have amounted to tens of billions of rands.
The organisation's level of preparedness, and the speed with which it detected and reacted to the breach, go a long way to reducing the long-term impact. "The severity of the damage depends a great deal on the speed and efficiency of the organisation's response to it," he says. In high-profile companies, the board must be prepared and a media spokesman briefed within hours of a breach, to illustrate transparency and mitigate future loss of trust, he notes.
Deloitte's new Cyber Intelligence Centre in Johannesburg is seeing a sharp increase in local clients as enterprises come to grips with the real, long-term damage that could be suffered as a result of breaches. The centre, one of 20 now supporting Deloitte clients worldwide, assists clients in assessing the potential costs of a breach, offers outsourced incident monitoring and response, and helps organisations respond appropriately to mitigate the long-term damage of a breach. "This is particularly important for mid-sized clients who do not have extensive cyber security expertise in-house," says Peens.
Deloitte Managed Security Services (MSS) offers Cyber Monitor, a 24X7 "eyes on glass" monitoring service; Cyber Watch provides a complete threat life cycle solution, including threat intelligence feeds; Cyber Check delivers a continuous vulnerability scanning and management service; and Cyber Respond prepares the organisation to respond and defend its systems and networks against cyber incidents. With around 65 high-level cyber security experts on call at the company's offices in Woodmead, Deloitte's South African Cyber Intelligence Centre delivers its services on a subscription basis, implemented in a phased approach to allow organisations to cover their most critical areas first and extend their coverage later. Deloitte assists companies in identifying their potential risk, determining the overall value to the business of various parts of the organisation and devising strategies in line with their appetite for risk.
"Proactive scenario planning and cyber crime mitigation is not just the domain of the IT and risk departments: now, it needs to involve every part of the business," says Peens. "This proactive approach to cyber risk must be driven by the board, in a top-down approach that engages every department."
Learn more about the Cyber Intelligence Centre here: https://www.youtube.com/watch?v=Hw7JGmTFo6I