The supply chain security industry is expected to grow in 2016 as the number of cyber offences – and government responses to them – increases, according to KPMG’s predictions for cyber security.
A field trial of 2,000 people conducted by the Office for National Statistics found that there may have been over 7.5m cyber offences against individuals in 2015.
However, David Ferbrache, technical director at KPMG’s cyber security practice, said this may not capture the true scale of cybercrime, “with many crimes against organisations remaining unreported”.
Two pieces of European legislation – the EU General Data Protection Regulation and the Network and Information Security Directive – which aim to harmonise member states’ data protection frameworks and simplify rules on data use for companies, are also likely to be agreed this year.
Companies will be expected to implement their provisions within two years.
“Together these EU interventions set the scene for greater transparency around data breaches, a more robust data protection stance and a Europe-wide nudge towards greater cyber security regulation,” Ferbrache added.
The UK government is also expected to launch a National Cyber Security Strategy in 2016, which has the “potential to signal a new relationship between UK governance and industry”.
Ferbrache said that businesses of all sizes must look beyond cyber security as a technical issue, and start preparing for some of the worst-case scenarios.
“While large international firms are no strangers to an increasingly complex and uncoordinated global tapestry of national cyber security initiatives, smaller firms are likely to come under increasing pressure in 2016 as their larger cousins embed cyber security requirements into their contracting and procurement processes – fuelling both a supply chain security industry and the growth of third party cyber insurance,” he added.
“Firms are finally beginning to recognise that a determined and well-resourced adversary will find a way to breach their cyber protection regardless of the robustness of their defences. This is leading to firms focusing more on the data and systems that are most critical to their operations and how to reduce the risk to those assets.”