Four steps to protect your business against cybercrime

An illustration picture shows a projection of binary code on a man holding a laptop computer, in an office in Warsaw June 24, 2013. REUTERS/Kacper Pempel (POLAND - Tags: BUSINESS TELECOMS TPX IMAGES OF THE DAY) - RTX10ZB5

Digital crime costs the world around $400 billion a year Image: REUTERS/Kacper Pempel

Bas Burger
Chief Executive Officer, Global Services, BT Group
Our Impact
What's the World Economic Forum doing to accelerate action on Cybercrime?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: World Economic Forum Annual Meeting

Today everything is connected, so cyber-security features high on leaders’ agendas and is a top priority in every boardroom around the world. Each business has its own web of connections, often stretching across the globe. It’s fantastic for people working together or making their organization more efficient, but it’s also fantastic for criminals.

Hacking is a lucrative business. Digital crime costs the world around $400 billion a year and often occurs in ways companies don’t even consider. It’s not just about data theft: one criminal organization intercepted medicines and sold them on the black market for £200 million, because they got access to the route information.

In our report with KPMG, Taking the offensive, we found that almost every business (97%) has experienced some kind of attack, but less than a quarter (22%) feel prepared. This comes as no surprise, as about half of businesses don’t have a strategy to deal with blackmail, bribery or even criminals posing as members of staff.

Taking the offensive - Working together to disrupt digital crime Image: BT and KPMG

As the pace and variety of attacks increase, you need to keep ahead and there are four things you should be thinking about:

Is the board on board?

Security has to be on the board’s agenda. They need to be constantly thinking about the worst case scenario: what would happen if your information were stolen? How badly would your business be damaged if one individual were bribed or blackmailed? What are all the possible ways someone could attack? Board members with backgrounds in digital security and risk management can help the board, and even senior management, better understand the issues and more effectively communicate with the security team.

Other C-level roles will also need to evolve. The chief information security officer (CISO), for example, will need to be elevated from a traditional IT-focused role to one with direct accountability to the CEO and regular reporting to the board. Chief information officers (CIOs) will need to factor risk mitigation into every step the organization takes on its digital journey.

Is security part of your culture?

The board members can’t do everything themselves. You need to build security awareness into your organization’s culture by making it part of everyone’s role. Give them responsibility, and encourage them to speak up.

If everyone thinks about security, they’ll ask the right questions. For example, a recruiter can consider how much a planted employee could steal. They might then be proactive and help ensure you have the right vetting processes in place.

Have you separated your data?

I often tell people that they can’t avoid an attack. It’s going to happen eventually. You can do everything possible to recover what’s been stolen and catch the criminal, but eventually they’ll find that tiny hole and squeeze through.

The trick is to make sure you have layers between your systems. If your customer data is behind another wall, it’s safer. You want to make sure your most valuable information is hidden – even from your own employees. You don’t see bank vaults out on the street. They’re behind checkpoints, cameras and closed doors. Do the same with your data.

Have you read?
Do you have all the basics sorted?

It’s not just big things you need to focus on, there are plenty of small things you can do too. Start with making sure passwords are strong and long and ensuring that all the right policies are in place. Encryption should be used across the board and you need a response team ready to deal with attacks and minimize the damage. Spare a moment to think about whether your partners are keeping your data safe. Most importantly, think from a criminal’s perspective: try hacking back into your own business to identify vulnerabilities and then fix them.

Do all this and that’s how you’ll feel prepared.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

3 trends set to drive cyberattacks and ransomware in 2024

Scott Sayce

February 22, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum