Growth & Jobs | Investing in cybersecurity will safeguard companies’ reputation, viability

Companies should invest in cybersecurity to ensure their viability, protect their customers’ data, and safeguard their reputation says Melisa Lindsay, manager for technology consulting at MC Systems.

Lindsay explained that investment in cybersecurity was vital, given the increase in the number of data breaches and cyberattacks, especially since the COVID-19 pandemic. She noted that with cybercrimes expected to cost the world US$10.5 trillion annually by 2025, more companies need to take steps to protect their networks.

“Data breaches have cost companies millions over the years. In fact, it is said that some 60 per cent of small businesses close within six months of a cyberattack because of the costs associated with recovery. If there was a situation here where many small businesses were affected by a cyberattack, you can understand how it would impact our growth projections in terms of jobs since small businesses employ more than 80 per cent of our workforce,” she explained.

“Many companies in Jamaica and the Caribbean have embraced the use of more digital and web-based technologies, so they are more exposed to IT security threats such as viruses, malware, ransomware, trojan, adware, spyware, denial of service attacks, just to name a few. Therefore, they need to invest in cybersecurity owing to the impact it can have on their bottom line,” she added.

Lindsay noted that data breaches have affected big companies by damaging their credibility, which can cause losses to shareholders.

“When we look at larger companies in North America and Europe, for example, where data breaches have caused companies’ stock prices to fall, if even in the short term, these breaches may have been caused by a failure to have the proper systems, policies, and training in place for company employees. Additionally, the practisce of not addressing vulnerabilities found increases the possibility of a breach occurring, which may have significant financial loss and reputational damage for companies and customers as well due to the exposure of pertinent information or data,” Lindsay noted.

The Harvard Business Review noted that cyber incidents could sink companies’ stock prices, with publicly traded companies suffering disruptions to their supply chain and not being able to serve their customers efficiently. It added that in the long term, the consequences could be telling, with companies in the healthcare sector in the United States of America, for instance, losing US$7.8 billion annually because of the downtime caused by cyber breaches. This loss, though passed on to consumers, also made the companies affected less competitive since the prices of their products and services would now be higher.

Lindsay affirmed that many data breaches have resulted from employee mistakes. The IT expert explained that it was not uncommon to discover that a ransomware attack was successful because an employee clicked a link, opened an attachment, or inserted a drive in breach of company policies. She said an organisation’s end-users also have a role to play in protecting the data resources. Lindsay said security-conscious organisations should ensure that they employed the necessary tools to withstand cyberattacks.

“One of the first things companies need to do is employ cybersecurity experts who will take the necessary steps to protect their resources, which will benefit the company, their employees, and shareholders in the case of the larger entities.” She added that cybersecurity experts conduct a variety of tests and training to ensure that organisations are protected.

“Cybersecurity experts would conduct vulnerability assessments, penetration testing, employee training, create firewalls, and carry out identity and access management to protect the organisation,” she explained.

“These steps are important because they carry out different functions. For example, penetration testing simulates real-world attack scenarios by demonstrating access to systems and data through the exploiting of discovered vulnerabilities. It also tests customers’ infrastructure and applications for weaknesses and helps us to understand the impact of a cyberattack on customers’ business.”