Companies aren’t taking the threat of cybercrime seriously enough in Switzerland and aren’t doing enough to anticipate attacks, according to a study by consultants KPMG. In addition, firms are relying too much on technology and neglecting the human factor.
As life continues to be increasingly digitalised, the issue of cybercrime is also gaining significance, KPMG said on Wednesday. It noted that last year in Switzerland cybercrime caused economic damage worth CHF200 million ($215 million).
Although two-thirds of the 64 companies interviewed said they were aware that they were an attractive target for cyberattacks – such as the theft of customer data and intellectual property – the study’s authors said companies were still too reactive, as opposed to taking preventive action.
Three-quarters said a concrete case of cybercrime was the biggest reason for tightening security measures. Only half investigated the damage caused by cyberattacks.
“Because the nature of cybercrime is heavily based on technology, many companies make the mistake of combatting it primarily with technology,” the report said.
“That’s like the Berlin Wall. People try to close off an area and control the way in and out. That’s no longer feasible because of the increased networking of customers and staff. For example staff will use their own mobile devices, which the company can’t check.”
No idea how to react
Although three-quarters of firms carried out training to improve awareness of cybercrime, many attacks succeeded because they exploited human mistakes, such as keeping passwords on pieces of paper right by the computer.
What’s more, these attacks often go unnoticed for a long time – on average it takes 205 days to realise what’s going on, but it can take a lot longer.
“And even if firms do discover an attack, 45% of respondents had no idea how to react. That’s like having a fire and not knowing how to call the fire department,” said KPMG partner Gerben Schreurs.
He noted that 7% of companies had taken no measures despite being victims of a cyberattack.
swissinfo.ch and agencies