CFOtech New Zealand - Technology news for CFOs & financial decision-makers
Story image
Marriott, British Airways fines highlight critical need for security investment
Fri, 12th Jul 2019
FYI, this story is more than a year old

The last week has brought heavy fines against the likes of global hotel chain Marriott and airline British Airways, casting a harsh spotlight on the price of cyber attacks.

According to analyst firm GlobalData, many organisations are still ‘considering' cybersecurity investment, rather than taking steps to implement it.

''In a survey conducted by GlobalData, 37% of respondents stated that their companies were making a ''major investment'' into cybersecurity technologies now. A further 43% said they would be doing so in the next three years,” comments Globaldata's head of R-A, travel and tourism, Nick Wyatt.

''37% is encouraging but over 40% are still delaying investment despite last year's large-scale breaches at Marriott and British Airways showing that measures are often not yet robust enough."

The consequences of ignoring cybersecurity investment are costly. The United Kingdom's Information Commissioner's Office (ICO) handed out fines of £183.39 million to British airways, and £99.2 million to Marriott.

Wyatt notes that the authorities is serios about using its powers and penalising organisations for breaches.

“The message is clear: get serious about cybersecurity or face the consequences. So if you're planning to invest heavily in cybersecurity, why wait?

''The consequences are clearly significant in financial terms, but there is also a somewhat intangible reputational impact. Consumers' faith in companies can be shaken, particularly in the travel and tourism industry, where companies have a duty of care to look after highly sensitive personal data such as that contained within passports.

In 2018 GlobalData forecast that investment on cybersecurity will increase to beyond US$140 billion by 2021, equating to a compound annual growth rate of 6%.

"These fines must serve as a wake-up call for other companies, many of whom are still highly vulnerable to cyber attacks themselves. These companies need to act now and ensure that they are harnessing the latest technologies to protect their customers' personal data.

GlobalData notes that there are several key cybersecurity investment areas. These include network security, unified threat management, artificial intelligence, behavioural analytics, SIEM, endpoint security, mobile security, identity management, data security, application security, email security, cloud security, managed security services, post-breach consultancy services.

‘‘Traditionally, most companies have adopted a prevention-based approach to cybersecurity, but recent advances in technology areas like machine learning are enabling a move towards active detection of threats,” comments GlobalData thematic research head Cyrus Mewawalla.

“This allows pre-emptive action to be taken to stop breaches before they occur and also serves to free up resources currently occupied with chasing false positives from existing, more reactive systems.