The first cyber-attack, meanwhile, is even older – the ‘Morris Worm’ was actually carried out with good intentions in 1988, as part of a university project designed to assess the size of the internet through a program that would crawl the web, install itself on other computers, and count how many copies it made of itself.
Today, ransom-ware attacks cost businesses US$8bn each year, and in 2018 accounted for 25% of all cyber insurance claims. More widely, the World Economic Forum claim that, of the biggest risks facing our world in 2019, cyber-attacks rank as number five as the most likely and seventh as the most impactful.
Jersey, as a forward-thinking jurisdiction, is an increasingly digitally-driven centre, immersed on a daily basis in digital transactions and online activity. We recognise the potential offered by digital innovation in delivering an efficient, secure service.
Firms here are working right at the cutting-edge, fully aware that the future is all about digital integration across boundaries; alive to the critical nature of digital innovation to better serve local and global customers; and cognisant of the possibilities presented by technologies such as distributed ledger technology, artificial intelligence, and virtual currencies.
Being fully immersed in a digital ecosystem has meant that firms have invested heavily in leading technology solutions as part of their business security and continuity plans, to help prevent, identify and mitigate cyber-attacks and protect their data. At Jersey Finance we take our cyber security responsibilities seriously and are proud to have obtained Cyber Essentials accreditation.
But we also recognise that cyber security is not an area just reserved for IT departments. Today, being cyber aware is just as much about people as it is about technology.
It’s telling that figures from the UK Information Commissioners Office show that, in the last quarter of 2018, of almost 3,300 reported data security incidents in the UK, 28% were down to data being emailed, faxed or posted to the wrong recipient. In the finance and legal sector, the figure drops to 22% but in a sector that is meant to be highly cyber aware, this is still a startling figure.
Even more remarkable perhaps is the fact that phishing – a relatively blunt, simple and dated method of attempting to breach cyber defences – remains such a key risk to companies. Figures show that 97% of people are unable to identify a sophisticated phishing email and that 91% of cyber-attacks start with a phishing email.
It highlights that focussing on the people aspect of cyber security, through training and education, is an area where firms can make low-cost but high-impact changes to minimise the risks posed by cyber incidents.
It’s why, this Cyber Security Awareness Month, we’re encouraging businesses here to reflect on how geared up they are to protecting their firms, data and clients, and, crucially, to talk to each other about cyber issues and share best practice.
It’s why, throughout the month, we’re rolling out a social media campaign, supported by our Members, with snippets of best practice, designed to make people stop and think before acting – acknowledging that sometimes cyber risks are created inadvertently by good people with good intentions – much like the Morris Worm. Should you really email that document to your personal account, just to get a job done? Is that email really from your CEO? Does that attachment genuinely look legitimate?
It’s why we’re hosting a number of events this month, including a seminar looking at ‘the deep dark web’ and are welcoming the Office of the Information Commissioner to speak at our Members Cyber & Data Security Awareness Forum.
And it’s why we continue to value so highly our role as part of Jersey’s Cyber Security Task Force, which also includes the Government of Jersey’s Information Services, Digital Policy Team and education department, as well as the Jersey Financial Services Commission (JFSC), Digital Jersey, the Office of the Information Commissioner, the States of Jersey Police, Jersey Business, and Skills Jersey.
The Cyber Security Task Force maintains close links to the UK National Cyber Security Centre (NCSC), and will be welcoming representatives from the NCSC to Jersey on 31 October. At this event, ‘Cyber Security: Keep you and your business safe’, the NCSC will provide an overview of what products and services they can offer to businesses in Jersey.
Our view is that, by working together and in a joined-up way as a jurisdiction, our workforce can be both focussed on harnessing the potential offered by digital, and ready to combat what is becoming an increasingly prevalent challenge for those in cross-border business.