A robust cybersecurity posture has become key to retaining clients for information-technology (IT) services providers, because any data breach can result in a loss of millions of dollars, apart from the damage to trust and reputation.
Costs of global cybercrime damages are expected to grow 15 per cent per year over the next three years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015, according to Cybersecurity Ventures.
If it were compared to the economic size of a country, cybercrime would be the world’s largest economy after the US and China.
Cybersecurity incidents at IT providers are going up. For instance, tech giant Infosys has been named as the source of a data leak at Bank of America.
Infosys disclosed it in a November 3, 2023, filing, which revealed its US subsidiary Infosys McCamish Systems LLC (IMS) “has become aware of a cyber security incident resulting in non-availability of certain applications and systems in IMS”.
Infosys later said it had suffered a hit of 60 basis points on its operating margins from the McCamish cybersecurity incident.
Infosys Chief Financial Officer Nilanjan Roy said during the latest earnings that while the incident had an impact on both revenue and cost, it was a “one-time impact” and unlikely to carry through the fourth quarter.
An analyst at a leading consulting firm said the resignation of Infosys’ chief information security officer (CISO) and some of his team members, resulting in a vacuum at such a critical position, could be one of the factors that led to this.
“While no amount of preparation can insulate you from cyber attacks, one must have the best practices in place. Organisations should use a simulation model with an outside-in and inside-out approach so that they can simulate the motivation and action of the bad guys and see how it can be addressed,” he said.
In April 2020, Cognizant was hit by a Maze ransomware attack, which disrupted services to its customers. Some of Cognizant’s clients reportedly opted to protect themselves from the malware by closing off Cognizant’s access to their networks, effectively putting projects on hold. Later, Cognizant said it had contained the Maze ransomware strike, which hit it as well as its customers, and that it expected to spend up to $70 million to restore its computer systems.
“Cognizant’s ransomware attack and subsequent fallout are certainly notable, but the most critical takeaway is that all organisations, both providers and enterprises, need to take the threat of ransomware seriously. Cognizant isn’t the first victim, and it won’t be the last,” Phil Fersht, chief executive officer (CEO) and chief analyst, HfS Research, said in a note.
According to reports, 33 per cent of businesses said they lost customers due to security breaches.
Cybersecurity experts say clients and vendors must establish clear security standards in their agreements, and that continuous communication is key.
“To safeguard against potential compromises by third-party service providers, organisations must conduct thorough vendor-risk assessments, establish clear security standards in contractual agreements, and regularly audit and monitor third-party systems. Data encryption during transmission and storage, strict access controls with multi-factor authentication, and a well-defined incident response plan are essential,” said Sonit Jain, CEO, GajShield Infotech, a security solutions provider.
“Continuous communication, employee training, and adherence to legal and compliance standards further fortify defences.”
While generative AI (GenAI) technology is rapidly advancing and can provide significant benefits to an organisation, it also poses risks to privacy, cybersecurity, and client engagements. To address these, some IT services providers have come up with policies that clearly define the terms of usage of GenAI.
Wipro has stated in its policy: “GenAI tools can only be used for client projects if approved by clients or if the use is allowed as per client contract. Similarly, client enterprise data including personal details should not be used in GenAI without client approval ...”