The increased digitalisation across all industry sectors is introducing new security challenges. Thomas Koch, Cybersecurity Leader at EY Luxembourg, gives an insight into how to combat cybercriminal activity in an ever-evolving digital world.

“By default every company today is digital,” says Thomas Koch, Associate Partner at EY Luxembourg. “The introduction of more technology, new tools and platforms is adding to the overall complexity of the technology landscape, increasing a company’s cyber risk exposure at the same time.” In their mission to combat cybercriminal activity, Koch and his team at EY are helping clients navigate the challenging cyber threat landscape and raising awareness about potential cyber risks along the way.

“The introduction of more technology, new tools and platforms is adding to the overall complexity of the technology landscape, and hence also increasing a company’s cyber risk exposure.” – Thomas Koch, Advisory Cybersecurity Leader, EY Luxembourg  

The sophisticated technologies used by companies today are creating an ever more complex digital environment, meaning that businesses are more likely to become targets for cyber criminals. “Each technology asset of an organisation is exposed to a risk, so cybersecurity  should be considered as a top priority on the agenda,” explains Koch. The average detection time of a cybercriminal attack is estimated to be in range of 150 to 200 days, so businesses are taking a truly long time to find out that they have been breached. It is this persistence of the cyber criminals which causes a serious problem for the company as a whole that can cost their customers’ trust. “Companies should in particular look into their capabilities to bounce back from a cyber attack, so it’s about looking into better resilience and better reaction to the cyber event rather than at the sheer protection side,” explains Koch.

“If companies can detect breaches earlier, they can really reduce the impact of a cyber attack,” says Koch. “A company’s ability to regain client trust and, in essence, protect their company’s brand name is heavily dependent on their ability to be cyber resilient.” By building a cybersecurity foundation, all businesses regardless of size can prepare themselves for the cyber threats they are facing, in order to deliver better outcomes and long-lasting results. “It is essential for companies to have a robust crisis plan,” explains Koch. Our team at EY is committed to helping businesses detect and react to breaches in cybersecurity. “The aim of such a plan is to be able to identify and apply the right means of recovery at the right time.”

 “Companies should in particular look into their capabilities to bounce back from a cyber attack, so it’s about looking into better resilience and better reaction to the cyber event.”  – Thomas Koch, Advisory Cybersecurity Leader, EY Luxembourg  

Increased protection through technology

In the context of cybersecurity, there are several innovative technological approaches allowing companies to become more resilient, such as RPA (robot process automation), AI (artificial intelligence) and D&A (data and analytics). “Self-learning algorithms like AI have been very helpful in reducing cyber crime detection times in an environment in which an ever-growing volume of data is being processed,” explains Koch. IAM (Identity and Access management) is a further key industry topic, helping to make sure that a robust internal data access management system is in place.

“Bringing technological solutions is not only about applying cutting-edge technologies such as AI for better firewalling or using robotic press automation in administration processes,” explains Koch. “It is also simply about better dash-boarding, making cyber risks a visually tangible item to facilitate the discussion at board level.”

“Self-learning algorithms like AI have been very helpful in reducing cyber crime detection times in an environment in which an ever-growing volume of data is being processed.”  – Thomas Koch, Advisory Cybersecurity Leader, EY Luxembourg