Jeff Green, Senior Director for Cybersecurity Programs at Aspen Digital.

"Cyber insecurity will always be a significant problem, but it is one that we must work to manage, not eliminate."


The fight against cyber crime is often thought of as a war, but against an unseen enemy, attack methods constantly changing and no real endgame, it is useful to rethink the problem.

A better analogy for combatting this problem might be developing good cyber health habits that mean if you face an attack or breach, the recovery won’t take as long or be as painful.

What do cyber-criminals actually want?

Data is the language of business. Personal information about staff for payroll and other essential operations, contact information for clients and customers, sensitive information used in decision making and many other data points are collected and stored by organisations of all sizes.

Gartner has found that businesses increasingly prefer data-driven decision-making to intuition-based decision-making, which means organisations are gathering more information than ever before.

But criminals have also noticed all that data, and they place a high value on that information for sale or identity theft. Threats come from both individual hackers and well-funded organised crime groups.

Most cybercrime comes down to the value of that information on the black market, or dark web. It’s a money making exercise.

Cybercrime is now not only a business, but a lucrative growth industry with healthy returns and low risks.

Information has varying values on the black market, ranging from a few dollars for data from popular apps such as Spotify and Netflix, to stolen medical records, credit cards and identifiable information that can fetch thousands of dollars.

For that reason alone, malicious data breaches are not going anywhere.

The industry is so big, global consultancy McKinsey believes cyber incursions are on track to cause nearly $16 trillion a year in damage to the global economy by 2025.

IBM’s 2023 Cost of a Data Breach report revealed the average cost of a data breach globally was $7 million – a price tag that could potentially sink a small or medium business, or a not-for-profit organisation.

The most valuable information is personally identifiable, which is used to perpetrate identity fraud, fuel future phishing attacks or simply financial gain.

Small and medium businesses are also a target for cybercriminals, who may be seeking a way into bigger organisations through its weakest links – its supply chain.

As more information is collected and stored, the more attractive it is to organised crime seeking to exploit vulnerabilities for extorting organisations, or threat actors attempting to disrupt critical infrastructure and steal sensitive information.

Understanding how an organisation stores data and who can access it is a key risk management step that means the highest risk areas can be identified and addressed.

Safe handling and secure storage of data is the first line of defence against cybercrime. It is a risk management investment that reassures staff, customers, investors and other stakeholders that private information is safe from those who might exploit it.

But if a crack appears in the storage and personal or sensitive data is exposed, business leaders must be proactive to win back that broken trust. And that will not happen quickly.

In the event of a breach, organisations and boards will need to demonstrate that they took seriously the job of protecting personal and private information by showing actions taken to assess risk and defend data.

Cyber crime and data protection are complex problems but organisations should encourage greater understanding of the issues, to empower and educate their people.
Cybercrime isn’t going away but it will flourish if employees and executives don’t understand the motivations and start to think like their adversary.