18 February 2016 | By Jason Piper Community

Cyber security: The future of regulation

Self-interest rather than regulation will be the key driving force for businesses to improve their cyber security 

Cyber security presents a huge challenge for business both technologically and monetarily. It’s no surprise that chief executives and chief finance officers routinely cite cyber security as a growing concern, exacerbated by the rapid rise in big data.

ACCA (the Association of Chartered Certified Accountants) has published a new report – Constant Forward Motion: The evolving phenomenon of cybersecurity regulation and the race to keep up. The report examines the growing issue of cybersecurity and in particular the problems authorities and business are facing.

Big data is transforming the way business operates. Companies can now collect, analyse and use big data to predict customer purchase patterns, enabling a company to tailor the customer experience to maximise revenue. However, this data can also be immensely valuable to criminals, who can use it to steal money or identity. Because it is digital the data can also be replicated over and over – potentially before the company even knows it has been accessed illegally.

Compulsion to act?

Insufficient security can lead to data breaches, which are increasingly damaging to a company’s reputation and can cost millions in revenue and future potential customers. Individuals are ever more aware of the value of their personal information and will be far less likely to do business with a company that has suffered a data breach. And permanence and easy duplication don’t just characterise business information; they apply to the online stories about security failures too. The newsworthiness of data breaches particularly from large companies mean they could continue to cost the business for years to come.

The pace of technology not only presents a challenge for the company but also for government and authorities. The time it takes laws to be passed brings the very real possibility that regulation in the field will be out of date before they are even signed. ACCA believes that the best way of improving cyber security is through industry codes of conduct and awareness raising.

Big business can play an important role in raising standards of cybersecurity through the supply chain. Criminals will look to target the weakest link in the chain, and because of resources this will often – but not always – be the smaller companies. The larger businesses can use their resources and expertise to help the smaller ones improve their cybersecurity and protect the entire chain.

The birth of the cyber security insurance market highlights the reality of the risk. It wouldn’t necessarily be wise to make insurance compulsory at present – not just because of the moral hazard issue, but simply because there is not enough information for underwriters to be able to set appropriate premiums and while take up is relatively low there will inevitably be a higher loading of premiums. But it’s definitely something that business should consider, alongside other defences. You don’t leave your doors unlocked just because you’ve got theft insurance after all.

Cyber security is an issue that will remain high on the agenda for senior managers in the years to come. ACCA firmly believes that self-interest rather than regulation will be the key driving force for businesses improving their own cyber security and those they do business with.

Constant Forward Motion: The evolving phenomenon of cybersecurity regulation and the race to keep up can be downloaded at: