That Business Senior Management must give priority attention to the problems arising from the use and application of "digital" in their organizations is something that this editorial insists on every week. Once other basic, key, parameters have been assured -i.e., to be able to develop entrepreneurship in a context of political stability and under a legal framework that offers guarantees-, today's organizational dependence of IT (respectively, OT) brings -should bring- the possibility of a cyber incident to the first line of concern for all those with an interest in the organization. These include executives, as well as investors. Not surprisingly, the concern of the latter has a clear ability to affect the concern of the first: impairment of a company on the stock market (concern of the first) is a direct consequence of the loss of confidence by the market (reflecting the concern of the latter), after learning that this may have suffered any major cyber incident.
The firm Slaughter & May provided, in March 2015, some unquestionable data: in the case of Heartland Payment Systems, the company lost 46.3% of its value, just three days after disclosing a security breach on their computer systems, on January, 20th, 2009; a figure that would reach 49.54% one month later. More recently, AOL, another firm within Slaughter & May’s radar, reported a new security breach on April, 28th, 2014. Three days later, AOL’s price had fallen by 1.7%. A month later, the loss came to 23.56%.
However, the price of attacked companies is not the only falling. These days a downtrend is seen also among the group of companies offering cybersecurity. Some talk of a bubble, by analogy with what happened on the Internet fifteen years ago. Others are more optimistic. Robert Herjavec, founder of security firm Herjavec Group, recently asked about this issue, stated: "I don't think cybersecurity is overheated, I think the market of start-ups getting funded is overheated. I think there is an inconsistency in the market for the next three to five years, because there are too many niche companies chasing too few dollars".
Meanwhile, hackers seem to be the ones getting the money; though there is disparity in opinions regarding this, too. Hackers whose actions on industrial control systems have an unstable counterweight: the measures in response to cyber incidents caused in this environment does not seem to count with appropriate maturity, yet. In fact, in some cases there is a total lack of planned response.
Other times, even when plans to deal with crisis situations exist, the lack of coordination between the affected parties -born, probably, due to a bad internal communication- makes these plans prove equally irrelevant.
Deepen these and other topics in our weekly "Newsletter". Subscribe here and enjoy reading!