According to the latest Lloyd’s Risk Index, a survey of 500 global business leaders’ perceptions of global risk, the West is taking cybersecurity more seriously than the East. In North America, malicious cyber attacks are ranked the 4th highest priority risk. In Europe they rank the 14th highest priority, and in the Asia Pacific region they are only the 20th highest ranking risk.
The report notes research published at the start of 2011 estimating the cost of global cyber crime at $114bn a year, “$96bn of it in the US alone.” This disproportionately high figure could explain US awareness of crime, but conversely could indicate a lack of preparedness against that crime – or simply be a reflection of where criminal rewards are highest.
Frank Coggrave, General Manager EMEA at Guidance Software, is clear. “No one should be complacent and the US’s high preparedness is perhaps because they are more aware of being a target. Most of the major cyber attacks, from Anonymous and others, have been against US organizations. Facing the cyber threat risk is not unlike facing insurance risk,” he continues, “you only take it seriously after it happens to you. The best people to sell burglar alarms to are the recently burgled.”
The reality is that most people’s perception of cyberattacks is that they stem from the East rather than that they are targeted at the East. But with the economic rise of China and India this may well change. In the meantime, the UK is leading Europe’s increasing cybersecurity awareness with its Cyber Security Strategy calling for greater international co-operation and preparedness. If the Lloyd’s report can be seen as a ‘call to arms’ in cyber defence, then it has possibly been heard at least in Europe.
Already, the Lloyd’s disparity between Europe and the United States is not so noticeable ‘at the coal-face’, with those security companies selling the security defences. “I haven't noticed this,” comments Nigel Hawthorn, VP Marketing EMEA at Blue Coat Systems, “and my experience especially in the sale of anti-virus and IDS/IPS devices over the years is that often European businesses are more prepared for cyber security threats. You could argue that it is not considered a major problem by senior management in those organizations who have strong security teams that have implemented security solutions so perhaps there is more concern in the US precisely because they haven't implemented some of the security and thus are being exposed to more threats.”
Professor John Walker, CTO at Secure Bastion, sees a cultural aspect. “When we look to Asia”, he comments, “it may be more a case of environments who are yet to reach the levels of paranoia, and defensive positions that the West see as a ‘must do’. This however does not necessarily mean they are less exposed, just possibly less aware and tuned in.”And the difference between the USA and the UK/Europe may be down to the US ‘proactive, well-funded’ approach to matters compared to Europe’s predilection for ‘conversation and rhetoric’.
Whatever the truth, the Lloyd’s report also suggests that the cost of this risk to business could get very much worse: Lloyd’s estimates “that only 10% of those that could be affected by cyber crime have cover for the growing risk.”