Much is made in the press of the devastating effects that weak cybersecurity is having on the economy in the UK and globally. We regularly see news articles about companies having their secrets stolen or their customer records hacked.
The UK government thinks the problem is so severe that it has identified cybersecurity as a Tier 1 national security threat and invested £860 million to defend the country’s digital shores.
The recent report completed by PricewaterhouseCoopers on behalf of the Department for Business, Innovation and Skills highlights the dangers posed to businesses in the UK, especially smaller businesses.
It found that 87% of small and medium-sized businesses had suffered a breach in the last year and that the worst incidents cost each business somewhere between £35,000 and £65,000. As a group, small and medium sized businesses suffered an average of 17 breaches a year and 9% said they were certain their intellectual property had been stolen.
The threat is compounded by a significant skills shortage. The National Audit Office, reporting on the UK government’s cybersecurity strategy, highlighted a lack of expertise in the field in the government and particularly in the defence and intelligence sectors.
So systematic are the issues that the NAO believes it will take up to 20 years to fix the pipeline issues. This can be seen in the demand for jobs. The sheer number of positions recorded on online IT jobs analysis site itjobswatch shows that demand for people in the fields of cyber and information security is rapidly outstripping supply.
So there is clearly a problem. But this problem appears to be having an undesired effect on small businesses in particular. They are being turned off the business opportunities that cybersecurity presents.
In order to help move beyond the doom and gloom, businesses should think about how they can shift their cybersecurity efforts away from simply protecting themselves to actually making money. Trying to convince budget holders in a company to spend money to stop something happening that might not happen anyway is hard. But convincing them to spend money to sell more is much easier.
This optimistic approach is supported by recently published market research that estimates the current size of the cybersecurity sector in the UK to be around £2.8 billion and set to grow to £3.4 billion by 2017. And it is the small and medium sized businesses within this sector that are predicted to grow the most.
Security in the smart city
What all this means is that there is money to be made from cybersecurity and small businesses should not fear it but embrace it. One area that is promising in this sense is the move towards smart cities. As the infrastructure around us, such as traffic lights and utilities becomes more regularly controlled via computers, market opportunities emerge.
A recent governmentreport highlighted the need for next generation ICT structures for energy, water, transport, waste and assisted living. What it does not cover is how we are going to protect this and who will do it.
The report does mention that companies providing smart cities products and services do need to adhere to data privacy and security best practise. And that companies should ensure appropriate safety standards. But skills, products and expertise need to be procured in order to make this happen. Where are the businesses that can supply this?
They are around, but many of them just don’t realise they can respond to this need. Imagine your company makes electricity meters. In order to make them smart you need to embed hardware and software in order that the home owner can monitor their usage. The result of this is that the smart-meter can now be attacked digitally. If you were a procurement company, would you buy the meter that was enhanced with digital protection or the one that wasn’t?
Out of necessity, your electricity meter company produces a system to protect its products from being attacked. Now it becomes a company that has the capability to digitally secure smart meters. Could that capability be wrapped up into a new product or service to sell to other smart-meter manufacturers? This is how the pessimism of cyber-fear becomes a money-making opportunity.
In order to fully realise the potential of this opportunity requires broad discussions by a wide variety of stakeholders, from government, the police service, academia and the business community. Academia also provides the open public space to explore the opportunities and show how all the key stakeholders may work together.
The business opportunities are boundless in cybersecurity. New markets such as smart cities are emerging all the time as we, as a society, find new ways to use technology. What we need are entrepreneurial people to see past the doom and gloom to provide the products and services we need to protect our future digital life.