data security in the limelight
Managing data security and privacy seen as challenge for CFOs
IN the West, cyber attacks at corporate companies have already started to result in massive losses to bottomlines.
Global companies like Maersk and Merck which were hit by ransomware recently for instance, reported losses amounting to hundreds of millions in their latest financial quarters.
It goes without saying that losses which come in the form of reputational and operational losses are no laughing matter for corporates. And this is especially so when customer data is compromised.
The Star reported a few weeks ago that the personal details of some 46.2 million mobile number subscribers in Malaysia are at stake following what is believed to be one of the largest data breaches ever seen in the country.
The information leaked included mobile phone numbers, home addresses, identification card information as well as mobile SIM card information.
Following this, there was an incident of customer data loss where lender CIMB Group Holdings Bhd said several of its magnetic tapes containing customer back-up data were physically lost in transit during routine operations.
Whether due to human error or a lack of cybersecurity measures, these highlight the importance of companies in general having to take a more serious approach toward current security levels.
A report by EY Financial Accounting and Advisory Services points out that managing data security and privacy is a challenge CFOs face in today’s corporate environment.
The assurance, tax, transaction and advisory services provider which surveyed 1,020 CFOs or heads of large global organisations for their latest report says 85% of the respondents said that they found it either “very challenging” or “somewhat challenging” to actively manage data flows based upon different jurisdictions’ privacy laws.
“Trust can be destroyed forever if organisations do not keep up with the public’s shifting expectations of acceptable corporate behaviour, or they fail to safeguard personal data,” EY says in its report.
Whether people trust an organisation or not “depends on a whole host of reasons, from the tone of their communications to the personal integrity of the senior leadership team.”
Organisations should consider managing data as a strategic asset; shift the finance mindset to embrace technology innovation; and challenge traditional governance and board structures, EY adds.
Domestically, corporate companies asked to comment on this issue concur that security measures are more important now than ever, in an increasingly competitive business world. AmBank, the country’s sixth largest banking group out of eight says that on the whole, is it confident that it has strong security measures in place but also believes there can be no room for complacency.
“As a financial institution, we have a responsibility towards our customers to uphold the trust they place in us.
“It is incumbent upon us to continuously review and ensure that our security measures, whether in a physical sense or in cyberspace, are of the highest standards,” says group CEO Datuk Sulaiman Mohd Tahir.
He agrees that while enhancing security measures may lead to higher costs of doing business, there will be “exponentially higher costs”, if companies don’t do it.
Sulaiman admits that security breaches are a global phenomenon and not unique to Malaysia.
“Nonetheless, it is indeed quite shocking to hear of some of the security breaches that have taken place here,” he says.
“If customers believe their accounts may have been compromised, they should immediately contact their respective banking service providers.”
This is particularly important in the case of cyber fraud or phishing, as speed in reacting to such situations can make a difference in containing the issue, he adds.
He likens cyber threats to the digital equivalent of brick-and-mortar crimes.
“Vigilance and prevention will always be worth the effort, given the immense value and upside generated from digital processes.”
Rohan Krishnalingam, chief operations officer at RHB Banking Group says the data and banking information of its customers are “safe and secure” in light of recent developments.
“RHB Banking Group has not experienced any breach of customer data ; the recent reported loss of data however has raised the awareness of the industry on potential new threats,” Rohan says.
He adds that RHB continuously reviews its data backup processes and cybersecurity measures across all its businesses and subsidiaries to ensure that it is not exposed to such risks. “In addition, we have put in place relevant controls across all customer touch points in order to safeguard customers’ information.”
The winners – if they can be termed as that – in all of these, are probably the cybersecurity firms. Raymond Tan is CEO of Systech Bhd, one of the local firms riding on the increasing need for data security and privacy at corporate firms which deal with a lot of private data.
The company, an Ace Market-listed firm, monitors the traffic on networks of organisations which hire it and raises the red flag if it detects anything “suspicious”.
“Cybersecurity has become increasingly important not only for banks but also for the entire corporate sector domestically and internationally,” Tan says.
Over in the United States, Amit Yoran, chairman and CEO of Tenable, a global cybersecurity firm based in the US was recently quoted by Forbes as saying that “the risk (related to cybersecurity) today is probably higher than it’s ever been as organisations rely more on technology than they have before, as core processes and technologies get more and more complex, more and more interconnected.”
“Complexity is the enemy of security,” he said. Indeed, complexity does appear to bring about more complications. A doubled-edged sword, if you will.
And like all double-edged swords, it is vital to ensure that the downsides do not exceed the benefits reaped.