Companies of all natures, shapes, and sizes are at risk of cyber threats and crime. No organisation is immune to cyber-attacks, which are increasing in frequency and sophistication all the time. However, the risks to which companies in different industries are vulnerable can vary, and a specialised, industry-specific risk management approach will always trump a generic one when it comes to efficacy and efficiency.
“Certain sectors are particularly vulnerable to cyber-attacks,” says Charl Ueckermann, CEO at AVeS Cyber Security. “The level of risk to which a business is exposed is directly related to the potential returns that cybercriminals can reap with a tolerable amount of effort.
“They won’t apply the same effort to attacking a restaurant as they would to a financial institution that keeps sensitive information and money. A company’s risk management approach must not only be industry-specific but also curated according to the specific risks the business faces, as well as its risk appetite.
“Similarly, while the principles of IT governance are largely generic, the interpretation and focus will differ between verticals because the operating landscapes, which include market dynamics and legislation among other things, are different.”
Specific verticals are under higher pressure than others to implement focused risk management tools in line with good governance principles and to ensure compliance with legislation. The banking and financial services sector must meet customer demands for innovative services and solutions as well as personalised services while at the same time protecting their data and sensitive customer information from attack.
Telecommunications companies, such as internet service providers and mobile operators, are also under increasing pressure to implement robust measures to protect the vast amounts of sensitive data that are stored and transferred on their infrastructures.
Even the retail industry has had to adapt risk management approaches to evolving threats. Retailers process payments on point of sale (POS) systems that are often unprotected, transfer large sums of money, and store and process sensitive customer information, such as banking and card information, all of which can lead to higher risk profiles. In providing online shopping services, they also process online banking and card transactions.
“The retail industry looks vastly different from what it did ten years ago. Cyber security and risk management procedures must be cognisant of threats arising from ‘bricks and mortar’ as well as online services, both of which demand a highly-personalised customer experience,” says Ueckermann.
“Any organisation that takes a more mature, predictive approach to cyber risk management will have more time to spend on customers and innovation. Ultimately, they will be more competitive, trusted and profitable.”
Ueckermann expects the transition to industry-specific cyber security and risk management to continue gathering momentum. Business processes, skills, and technologies will have to be adapted to support this transition.
“Certainly, businesses across different industries face similar challenges when it comes to cyber risk management. However, an intensive understanding of the specific issues facing companies in vertical industries is becoming more crucial for addressing unique cyber security needs.”
Following the shift towards specialised cyber security, there is a growing number of entrants into the cyber security market. Of the new vendors entering the scene, some are unexpected newcomers offering cyber protection services as part of their portfolios.
“Take some of the biggest insurance companies in Africa, for example. Insurance organisations are now providing cyber security protection to their customers, which includes licensed security software and predictive monitoring, as part of their cyber insurance solutions. Would you have imagined 10 years ago that an insurance company would be providing cyber security solutions as part of their offering?”
“All of this indicates that there is increasing consciousness amongst companies and vendors alike of the need to hone cyber security and risk management approaches to address industry-specific challenges.”
He concludes by saying that while there will always be a need for horizontal cyber security solutions, specialised industry-specific approaches to risk management are becoming imperative for preserving lower-risk profiles within verticals.
“The search is heating up for industry-specific cyber risk management solutions.”