Resources

But cyber criminals and other adversaries have come to appreciate that good money can be made in selling confidential information and trade secrets, or in disrupting essential services and infrastructure. For example, in partnership with the UK Government’s Cabinet Office, we recently estimated that, of the £27bn total cost of cyber crime in the UK, businesses alone are haemorrhaging information worth approximately £17bn every year. Worldwide estimates put the cost of cyber crime at a staggering $1 trillion annually. In the so-called ‘Night Dragon’ attacks, uncovered early in 2011, a huge quantity of highly sensitive information was taken from oil and gas companies around the world. Even high-tech companies like Intel, RSA and Google, and many others, have become victims of sophisticated cyber attacks targeting their valuable intellectual property. It seems that while society has undoubtedly benefited, the widespread and ever-growing use of technology – laptops and other ‘smart’ mobile devices in particular – has expanded the perimeter of every organisation and made them even more vulnerable.

Most attacks are random, non-attributable and entirely electronic, such as the huge volumes of untargeted spam and phishing emails that circulate the globe every year. To a great extent, though, these can be dealt with by using traditional cyber security measures, including commercially available endpoint security solutions such as anti-virus and firewall software. But, according to our 2010 survey of UK businesses, most commercial organisations (over 90 per cent) are concerned about the "twin onslaughts" of sophisticated, persistent external threats and threats of data breaches originating from the ‘inside’. The growing convergence in the physical and cyber elements of an enterprise only heightens the risks of both. Moreover, simply strengthening traditional cyber defences in response is like shutting the stable door after the horse has already bolted.

To read more please download PDF

Back to resources