Technology and cyber crime: how to keep out the bad guys

Maintaining strict security protocols and monitoring your firm’s digital activity can improve your chances of fending off an attack

Cyber crime is of increasing concern to nation-states — whether the culprits are other governments or financially motivated hackers. In the US, the 2025 government budget for IT security is $13bn, up from $11.8bn the year before. The UK, too, is wary and this extends to the risk of infiltration via allies: it has set aside £25mn to help friendly governments improve cyber security.

The private sector is also on edge. In the Systemic Risk Survey, carried out by the Bank of England and covering the second half of 2023, participants said a cyber attack was the risk that would have the greatest effect on UK financial systems. Concern was down slightly in the latest survey, published in March, but 70 per cent of respondents still put cyber crime as their number two market risk, directly below geopolitics.

Companies are set to spend more on cyber security. A survey of 200 security professionals conducted by Infosecurity Europe found that two-thirds anticipated a budget increase in 2024 of between 10 and 100 per cent.

The threat is real, not perceived. Cyber crime is forecast to cost $9.5tn in 2024, according to Cybersecurity Ventures, up threefold on 2015.

Some 94 per cent of IT and security leaders said their business had suffered a significant cyber attack in 2023, according to a poll by Rubrik/Wakefield of 1,600 decision makers at large companies. Also 94 per cent of cloud tenants were targeted every month in 2022, a separate survey by Proofpoint, the cloud cyber security platform, said.

Stick ’em up

Ransomware is a ubiquitous problem. In a traditional ransomware attack, in which files are encrypted and users’ access disabled, “you have between 45 seconds and four hours before your entire network is done”, says Mick Baccio, global security adviser at Splunk, a cyber security company.

One UK/US crime group, Scattered Spider, has achieved infamy for its ransomware attacks on Caesars Entertainment and MGM Resorts International.

In February 2024 Chainalysis, a blockchain data platform, said known ransomware payments in 2023 exceeded $1bn, a new high after a respite in 2022. Given the difficulty in tracking all incidents, this is probably a conservative figure. The incidence of “big game hunting” — where targets have a high value or high profile or both — has also risen. Ransoms greater than $1mn have increased as a share of the total volume of payments.