Stay in the know
We’ll send you the latest insights and briefings tailored to your needs
27 Jul 2023
Insight
Never mind that the cyber security industry has existed for decades, when it comes to business, not to mention the increasingly virtual ways we live, never has there been such an era of anxiety about the safety of our digital spaces. The spheres of high finance, defence, healthcare, critical infrastructure and now our personal lives all rely on online nervous systems susceptible to attack by malevolent forces. As more devices connect to complex networks – a trend accelerated by the Covid-19 pandemic – more vectors become available to cyber criminals, many of which have been emboldened by the autocracies that have increasingly blurred the lines between crime and war.
The consequences of these attacks can range from costly to catastrophic. But, crucially for boardrooms, they have also grown more frequent and severe. A business may face a significant ransomware attack, an air-traffic control system could be compromised, or the data of thousands of customers leaked.
As if that was not enough to arrest the attention of boardrooms, businesses are also contending with an increasingly complex regulatory landscape and litigious environment. Moreover, questions are now being raised about whether insurance can effectively cover such risks.
Indeed, insurance may become less available in the future, with some providers stepping back from ransom-related cover. Such is the concern, Zurich chief executive Mario Greco has warned state-sponsored cyber-attacks could become "uninsurable".
Herbert Smith Freehills (HSF) partner Cameron Whittfield, whose practice focuses on all aspects of cyber security and emerging technologies, sets out the terrain: "We should be prepared for a broad range of risks and while there remains a lot of focus on high-profile cyber extortion events, the risk landscape is materially broader. We are also seeing business impacted by increasing cyber-related fraud and nation state activity, particularly given the evolving geopolitical landscape. Regulators are also increasingly active and resourced, often looking to directly inculcate officers and directors of corporates."
In the fourth instalment of our TechQuake series on the digital tools that shape our world, we explore what is driving the rise in cyber risks and assess how boardrooms can enhance the resilience of their businesses in the face of this escalating threat.
We are seeing businesses impacted by increased cyber fraud
Cameron Whittfield
Partner, Melbourne
Under siege
"There are three main trends businesses are contending with," says Andrew Moir, who is global head of HSF’s cyber and data security practice. "An increasing legislative burden, a more contentious environment following cyber incidents, and an increased focus on individual liability. All companies are affected by these issues in one form or another."
The legislative angle is increasingly complex in jurisdictions across the globe. In the UK, for example, from the Computer Misuse Act in 1990 and the EU Data Protection Directive of 1995 through to the Security of Network & Information Systems Regulations in 2018, the UK's General Data Protection Regulation (GDPR) in 2021 and the upcoming EU AI Act, business is wrestling with a myriad of government interventions impacting digital security. In the US, the White House has published its National Cybersecurity Strategy, looking to improve cyber investments and risk allocation. The Australian Government is also developing the country’s cyber security strategy, foreshadowing material legislative reform.
"A lot more legislation comes through than is repealed, so you end up with an ever-increasing burden on businesses," adds Moir. "Plus, cyber security is a multinational issue, which means you have to deal with multiple regulatory regimes across the jurisdictions you operate in. And those regulatory regimes typically require different things. It becomes a minefield."
test
test
test
Test
test
test
lorem ipsum.