We have migrated over to the cloud with gusto here in the UK, as evidenced by the latest figures from the Cloud Industry Forum, which show 84% of us now use some kind of hosted solution. The IT channel has been integral to this, helping organisations gain confidence in cloud technology and combining it with the right security solutions in order to diffuse any reservations they might have.
While we've been busy embracing software-as-a-service and infrastructure-as-a-service, a startling reminder that the cyber criminal world is never far behind came in May with the news that DDoS-as-a-service was being offered for just $5 – and that's not even on the dark web!
This hosted approach has fundamentally changed the way companies hold data. Whereas in times gone by customer data was easily managed under lock and key, nowadays more and more sensitive customer information is being processed by software and held in the cloud.
This change has, of course, impacted our culture. As recent headlines have reflected, cyber security has become a mainstream issue and any breach of customer data now threatens to cause serious damage to organisations.
A good reputation is hard to come by and can cost millions to create. In some ways it's one of the most important assets of any business. What we've learnt over the past year and a half is that a cyber breach can, within minutes, not only wipe millions off a firm's share value, but also leave deep and lasting effects on a company's reputation. In fact, a survey we conducted earlier this year saw 29% of 1,000 consumers claim data breaches had diminished their loyalty as current or potential customers of affected brands, and 38% felt more negatively about companies that suffer data breaches.
In this environment, it becomes clear that the channel has a renewed responsibility when it comes to cyber security. Now more than ever before, the channel's role isn't simply to sell products and walk away, but to offer constant care and support around the security of the products it provides to companies.
And companies really need the expertise of the channel because the service they are offering to their customers isn't meeting expectations. Our survey found that 92% of people expect to be informed within 24 hours if a business they deal with has suffered a data breach and their data may be compromised.
As most people in the industry know, this short time period is far from being met. Our M-Trends report, released in June, found that companies take an average of 469 days (around 15 months) to even identify a cyber attack after the initial compromise. That's without taking into account the additional time it would then take to identify if customer data has been breached and notify customers accordingly. While this data was admittedly based on cyber attacks across the EMEA region, it's indicative of what we've seen first hand here in the UK.
With the long anticipated EU General Data Protection Regulation (GDPR) set to require that authorities are informed of a data breach within 72 hours, amongst other things, UK companies will need the full support of the channel to improve their threat identification abilities.
This presents a time-sensitive opportunity for the channel to fill in those gaps of knowledge. While organisations have a bit of breathing space before the regulation comes into play in May 2018, many will already be preparing for the new regulation due to the big changes it spearheads combined with the severe consequences of noncompliance. (And yes, even if the business isn't in the EU, it still needs to comply to process any personally identifiable information of EU residents.)
With stringent fines of up to €20 million (or 4% of turnover), companies will be rushing to ensure they're up to scratch before the regulation comes into play. And as many organisations may not have the skills in-house, they will be looking for experts in the channel to rely on and guide them on the road to compliance.
Nik Churchley is director of channel sales for EMEA at FireEye
