Empowering cyber-security providers

Cyber-security companies can cooperate to help facilitate and encourage standardisation of certifications and practices and even exercise their power at a global level to influence policy-making say Chris Southworth and Allen Dixon.

Chris Southworth, director, International Chamber of Commerce (ICC) in the UK
Chris Southworth, director, International Chamber of Commerce (ICC) in the UK

Cyber-crime is a truly global issue - having no respect for either sector or geographic boundaries. In response, cyber-security has become a fast-growth industry, although it's one that needs to stay ahead of the game. Collaboration is key.

The UK's growing number of cyber-security companies have certainly not opted for the quiet life. While enjoying increasing demand for their services, they must keep pace with rapidly-changing global threats, as well as the demands of a fast-evolving industry. 

They also occupy a world of screaming headlines, as cyber-security takes its place alongside terrorism and pandemics as one of society's great threats. This is especially the case in the corporate world, where the threat of data security breaches is very real and very worrying. Cyber-attacks are costing businesses between US$400 billion and US$500 billion (£273 billion to £342 bilion ) a year, and this doesn't even include the large number of attacks that go unreported. 

Given this, demand for cyber-security professionals grew by almost 70 percent between 2012 and 2015, and cyber-security companies will continue to flourish as cyber-crime persists. Remarkably, the cyber-security market reached US$75 billion (£51 billion) in 2015 and is expected to reach US$170 billion (£116 billion) by 2020. 

That said, such rapid growth also points to a volatile environment where new firms may not necessarily have long-term security or certainty — which points to the importance of cyber-security companies looking for ways of empowering themselves at a global level. Indeed, in an unpredictable security environment, these companies clearly need to be represented at the decision-making table and be engaged in international business issues.  

Not all plain-sailing

Certainly, the increase in cyber-crime has led to a surge in the number of organisations practising cyber-security, as well as increased scrutiny from government and a growing number of diverging industry standards. There are a variety of certifications, standards and practices available to providers – and little consistency with respect to the best approaches. What's more, these practices are currently splintering rather than converging.

Of course, cyber-security companies need to keep up with cyber-crime and industry developments. The sophistication of cyber-attacks has evolved, and cyber-security companies must incorporate the latest technologies to counter these threats.  

In our view, cyber-security companies should collaborate more closely with private-sector companies, industry groups and government stakeholders to agree on more common sets of best practices and standards across the industry.

An important part of this approach needs to be collaboration not only across the burgeoning cyber-security industry, but also with the broad range of industries and companies that it is trying to protect. To fully understand the threats and encourage standardisation, cyber-security industry stakeholders therefore need to be an important part of this ongoing dialogue. 

Allen Dixon, international intellectual property & technology consulting, International Chamber of Commerce (ICC) in the UK

The benefits are manifold – for instance, providers can have a say in the decision-making process concerning cyber-security regulation, and in the frameworks and standards that are developing in this area. 

Finding a voice

While there are many challenges facing cyber-security providers, the changes underway are, in fact, not out of their control. These companies can help facilitate and encourage standardisation of the various certifications and practices in the industry. What's more, they can even exercise their power at a global level to influence policy-making. 

Efforts towards collaboration among corporates will encourage greater harmonisation over different practices. Organisations such as the International Chamber of Commerce (ICC) provide cyber-security companies with the opportunity to participate in industry dialogue, and also to have their views better represented at the key decision-making tables. 

These critical components in the war against cyber-crime can not only help practitioners stay ahead of global issues affecting commerce more generally, but also to keep up to date with developments in cyber-security regulation, standards and practices. They can also hear about them instantly, rather than after these have become common knowledge – a crucial need in an industry where staying ahead of the game is a fundamental requirement. 

Cyber-security companies have much to gain from engaging in dialogue, and through organisations such as the  ICC they have access to a network of international companies examining important issues facing the industry. 

In the fast-evolving world of corporate information security, cyber-security providers can have an enormous influence – and working with pan-sector organisations helps them engage on all kinds of policy, regulatory and industry-practice issues, as they develop. 

Contributed by Chris Southworth, director and Allen Dixon, international intellectual property & technology consulting, International Chamber of Commerce (ICC) in the UK