The nature of personal data and company data means that its increasingly "online" and mixed up in the day to day activity. Employees typically spend 20 to 30% of their day on mobile devices, and from several surveys have shown that only a quarter of that is just speaking, the other 75% is surfing websites, using social media, sending transactions and searching data. Life is increasingly connected and a recording of experiences from home, work, travel and social events.
The number of threat points, as security experts call it. is therefore rapidly increasingly the vulnerability points whether you are a large corporate, a small business or an individual. A cyber-attack is often with little to no warning, it is not a physical break-a-entry; it is often more a slowdown of a website that may be noticed, or a more dramatic denial of access to company information or systems that could be demanding a ransom which could mean hours or longer when the company data and systems are frozen, locked out and preventing business transactions. Then the data breach of stolen customer data in high profile cases mean serious trust and privacy loss and compensation legal issues for company's who suffer this fate.
This requires the right skills, right leadership and company culture; company board directors can't assume it's a trivial or deferred issue. The complex technical issues of enterprise networks and security identity access to the correct encryption, backup and response to attacks is increasingly miss understood and risking information and financial theft, and the wider brand and reputation of the company.
It is not surprising that the recent EEF small manufacturers association study (1) exposing underinvestment in cyber security, finding only a third of companies with a response plan to attacks and just a quarter monitoring and looking for threats. There is so much to potentially lose in a fraction of a second that the explosion of the digital economy and connected products and services are raising every day. Knowledge of the value of risk and having even basic security controls are critical "eyes" that are necessary today. This gets even worse when many companies use subcontractors and many partners and suppliers that they have to work with, share data and may have no visibility of their security safe guards, yet rely on their due diligence.
Company's large and small can take good precautions to seek to reduce cyber risk, selecting partners and cloud computing providers that have security access controls, use encryption and security on networks is a start. It also needs better employee awareness and disciplines in using company data and mobile systems. And at the top, the leadership to know what matters and what to do.
1.https://www.eef.org.uk/about-eef/media-news-and-insights/media-releases/2016/may/manufacturers-urged-to-step-up-planning-for-cyber-security-press-release-page