State-led Hacking Cost Company 1 Billion Euros, U.K. Spy Chief Says

It’s time to take cyber crime seriously, the head of MI5 suggests.
Andrew SawersJune 27, 2012

A British company suffered lost revenues of €1.0 billion ($1.25 billion) because of a state-sponsored cyber attack against its computer systems, according to the head of the United Kingdom’s inland security agency. The hit was said to be suffered through intellectual-property loss and from “commercial disadvantage in contractual negotiations.”

This James Bond–sounding crime against an unnamed listed company was revealed by spy chief Jonathan Evans, director-general of MI5, in a speech this week to City of London financiers.

Apart from saying it was a company “with which we have worked,” Evans gave no other clue as to the identity of the company or any further information about the exact nature of the losses suffered. However, he added ominously, “They will not be the only corporate victim of these problems.”

4 Powerful Communication Strategies for Your Next Board Meeting

4 Powerful Communication Strategies for Your Next Board Meeting

This whitepaper outlines four powerful strategies to amplify board meeting conversations during a time of economic volatility. 

Evans also declined to name the country responsible for the cyber attack. Russia, China, and Iran have all previously been cited by technology experts as being capable of launching “information warfare” operations.

In his speech, Evans told of “industrial-scale processes” with thousands of people behind both state-sponsored cyber espionage and organized cyber crime. The threat, he said, relates not only to major industrial companies but also to their foreign subsidiaries. Also at risk: suppliers of professional services, “who may not be so well protected.”

His advice? “The boards of all companies should consider the vulnerability of their own company to these risks as part of their normal corporate governance — and they should require their key advisers and suppliers to do the same.”

The European Commission announced in March that it would establish a Cybercrime Center to focus on “illegal online activities carried out by organised crime groups.” It justified the move in part by referring to U.K. statistics supporting a claim that cyber crime cost the British economy £27 billion a year (€34 billion; $42 billion), about three-quarters of which is borne by business. The rest is absorbed by individuals and the government.

Recent U.S. research suggests that each incidence of cyber crime costs companies an average of $5.5 million (€4.4 million). In a recent web seminar reported by CFO, Jody Westby, CEO of privacy and security consulting firm Global Cyber Risk, said, “Many organizational structures are not suited to 21st century cyber issues and appropriate governance. And many organizations are just not aware of how cyber crime is working today.”

Andrew Sawers is editor of CFO European Briefing, a CFO online publication.