The UK’s Department for Digital, Culture, Media and Sport has announced its ‘Cyber Security Breaches Survey 2020’ and the findings are both interesting and revealing in terms of how we measure ourselves as an industry. There were undoubtedly consistencies: the report states that ‘the business findings are in line with those in 2017’. But it also highlighted some disparity in how we describe what’s happening in the cyber industry.
The report referenced this specifically with regard to supplier risks. While some businesses only considered this in terms of IT providers, internet service providers and other digital service providers, others also considered non-digital service suppliers. The report raised the question of whether the term ‘supplier risk’ is often too narrow to incorporate the true extent of organisations that a business or charity engages with.
The same disparity shows up in reporting. For some businesses and charities, ‘reporting’ a cyber incident could mean notifying banks or insurance companies, it could mean making incident response teams aware, or it may mean a public declaration of a breach.
You can also see differing opinions in the ‘material outcomes’ of a security breach. In this survey, those that had experienced a breach in the past 12 months estimated the cost to be £3,230 on average. Ponemon’s cost of data breach report, however, would put the 2019 average cost closer to $4.88 million, implying that there are probably some very different definitions and types of respondents asked within each report.
There is no shortage of research reports in the cyber industry and all give us a glimpse into the numbers behind the trends that we’re living and breathing. I wonder though, as we evolve, whether we’ll begin to need some industry-wide definitions and descriptions to help us to really be on the same page. Perhaps as regulation and legislation are formed around cyber, the language will naturally find some common ground.
Until then, I think it’s all about making sure we are having conversations with those on the front line of cyber security, scrutinizing the data, and discussing how it matches up to reality.
In an effort to keep those lines of communication open, we’re chatting all things cyber in our new daily webcast – #ZeroDaysLive – be sure to sign up! And, if you are in search of a definition or two, check out our cyber glossary!