Helping leadership teams to manage cyber risk and protect shareholder value

Cyber has become an offensive weapon of choice for Nation States. Why worry about the cost of conventional weapon systems when you can ‘let the code’ do the attack for you, and when you can buy 1,000 good hackers for the price of a conventional weapon system such as an F35? Hackers have many benefits: you can switch them on or off as required, there are no annual maintenance costs, and you can pay for them from the ‘rewards’ obtained through fraud and financial crime. This is one of a number of reasons why cyber risk is the biggest non-financial risk for both the public and private sector.

No matter what products or services an organisation provides, whether healthcare, financial services, government services, manufacturing or utilities, it relies on IT, social media, mobile communications, OT and data to manage its most basic needs. Data is used at all levels from the board room to the shop floor, and is integrated into all aspects of organisational strategy, product design, manufacturing, operations and services. Organisations are digitally connected and data dependent. The 2019 Norsk Hydro hack demonstrated that a cyber attack can take a business offline in hours and revert it to pen and paper for months.

Society is digitally dependent. Digitally enabled services such as utilities, financial services, telecommunications, manufacturing and production, commodity extraction and transport rely on technology and data to integrate long supply chains for the delivery of products and services.

Our reliance on digital, IT platforms and data has driven cyber risk and cyber security, a capability which it is the responsibility of leadership teams to deploy for their companies, clients and stakeholders. If there is any doubt that cyber is more than a ‘nice to have’ organisational capability, one simply has to look at some of the well-publicised cyber attacks, including ‘NotPetya’ (2017) and more recently ‘SolarWinds’ (2020), which originated from Nation State threat actors and their proxies, or examine the regulatory direction which the US and EU are taking with the development of EU-NIS or the DoD Cybersecurity Maturity Model Certification (CMMC) programme.

Cyber security and cyber risk management are a core organisational requirement, one which impacts both the top and bottom line and one in which regulators actively participate.

The strategic, operational and regulatory impact of cyber on financial statements

Cyber is a risk which impacts all financial statements: balance sheet, cashflow and profit and loss. Cyber attacks impact both the top and bottom line through the costs to fix the issues identified in the attack, communicating with and compensating customers, lost revenues and sales, the associated brand and reputational damage and the ongoing legal costs. The legal fallout of a cyber-attack can run for several years and the impact to corporate brand will never disappear. Target, the US retailer, has not lost the reputation it gained following its cyber-attack in 2013, where information relating to approximately 40 million credit cards was stolen. The attack on TalkTalk in 2015 still warranted column inches in the UK national press in June 2019.

Bottom line costs, such as the costs to implement the cyber security practices that protect the company from cyber-attacks in the first instance, are significant. There is growing evidence that the share price of companies is affected by a cyber-attack, and credit rating agencies are running programmes to evaluate the impact of cyber security on credit scoring, which will have a direct impact on the cost of credit for companies in the financial markets.

Chartered Security Professional (CSyP)

The Institution of Mechanical Engineers (IMechE). The UK's largest professional body representing Mechanical Engineers and Chartered Engineers.

Security Institute (MSyI)

Worshipful Company of Security Professionals

Academy of Experts