Cybersecurity spending must rise

Data breaches cost money: companies must invest to counter cyber attacks

12 May 2021 Davey Jose, Thematic Analyst – Disruptive Technologies

The cost of cyber crime is expected to reach USD10 trillion by 2025, up from USD6 trillion today. But while spending on countering it could grow by almost 15 per cent a year, that may not be enough. Increasing digitalisation increases the risk of loss – forcing companies to raise their insurance.

Almost everything is becoming connected to the internet, from phones and fridges to company computers and critical infrastructure such as power supplies. Estimates suggest there will be three internet-of-things devices for every person by next year.

The threat comes from hackers, insiders, business competitors, industrial spies, organised-crime groups, nation states and terrorists. It ranges from malware to DNS tunnelling attacks that corrupt the user’s system.

As cyber crime soars, investment in cybersecurity is increasingly important. Security technology has evolved from the physical to the digital too: the next evolution will be to deploy artificial intelligence to automate security further.

Less economically-developed regions such as Africa are particularly vulnerable because they lack cybersecurity infrastructure and knowledge. Cyber crime is claimed to have cost the continent USD3.5 billion in 2017, with 96 per cent of incidents unreported or unsolved.

With more employees working from home because of the pandemic, companies are raising their spending on security to counter the risk. Global cybersecurity expenditure is expected to reach USD270 billion a year by 2026. Most of the spending is on security services, including monitoring and managing security functions.

But besides the direct cost of a data breach, firms can suffer reputational damage that has long-term implications, including an impact on stock market values. The average cost has been estimated at nearly USD4 million per breach but regulators worldwide are becoming tougher. Maximum UK fines have been increased from GBP500,000 to GBP17.5 million or 4 per cent of turnover, for instance, but penalties elsewhere include imprisonment.

Cyber attacks also have social impacts on the public, from the stress caused by stolen data to the loss of confidence in technology.

Companies are increasingly insuring against cyber attacks, with the global market expected to grow 20 per cent-30 per cent annually, reaching USD25 billion by 2025.

Healthcare has seen a 60 per cent increase in attacks globally since the start of the pandemic, but transport and logistics industries are facing increasing threats as the uptake of internet-of-things devices grows. Two-thirds of new UK cars are already linked to the internet with 100 per cent connection expected by 2026.

But digitalisation has also increased the threat of cyber attacks on infrastructure of national security importance. Cybersecurity is thus becoming a main feature of defence budgets, but the increased use of remote-monitoring, intelligent-connected devices and automation means threats pose a significant challenge for utilities.

Although cyber risk is progressively becoming a principal risk for corporations, for a long time that has not been reflected in the composition of boards. Directors with expertise are now being appointed, but the focus should be on strengthening training for the whole executive team.

First published 29 April 2021.

Would you like to find out more? Click here to read the full report (you must be a subscriber to HSBC Global Research).

Cybersecurity affects everyone: View the infographic

Disclosure and disclaimer

More, collapsed
From ‘Frontier’ to ‘Emerging’
Kuwait opens up to further investors
Join the conversation?

Join our Linkedin group to get an unparalleled view of macro and microeconomic events and trends from a bank that is a leader in both developed and emerging markets.