Pat Larkin, boss of Dublin-based IT security firm Ward Solutions, said failure to take cybersecurity breaches seriously was costing some firms hundreds of thousands of euro in the short term following a breach.
He said it was also having an impact in the medium to long term with share prices dropping and not recovering because of investor concerns over security.
Mr Larkin was speaking in the wake of the world’s biggest shipping company admitting it faces a $300m (€255m) bill following an online breach in June.
Danish shipping group Moller Maersk said it expected a $200m to $300m bill from a cyber attack that disrupted its container shipping operations for weeks.
The attack contributed to Moller’s $264m loss in the second quarter, highlighting the toll on corporate earnings of a June 27 malware attack.
Cyence, which helps insurers measure cyber risk, said economic costs from the attack would total $850m.
Mr Larkin said cybercrime was now more lucrative than the global drugs trade.
“Cybercrime is now bigger than the drugs trade and firms have to get serious about it. Information security is a continuous journey.”
Europol, the EU-wide intelligence network, has warned the global impact of cybercrime has risen to $3 trillion, making it “more profitable than the global trade in marijuana, cocaine and heroin combined”.
A recent survey by British IT research firm Juniper said criminal data breaches will cost businesses a total of $8 trillion over the next five years, due to higher levels of Internet connectivity and inadequate enterprise-wide security. It found that SMEs are particularly at risk from cyberattacks.
Juniper forecasts that the number of personal data records stolen by cybercriminals will reach 2.8 billion in 2017, almost doubling to five billion in 2020.
Mr Larkin said boardrooms had to get more informed about the risks of cyber breaches.
“We are starting to see a much more serious approach thankfully. Historically, information security and risk has been seen as merely an IT department problem. It never really surfaced at executive level. However, the amount of time we are spending at executive briefings is up around 500% in the past three years,” he said.
Mr Larkin said the damage to how a company is perceived was bad enough on its own, but that the long-term effects also had to be considered.
“Whether it is malware or a data breach, the bad PR alone is enough to cause damage. Companies and executives are beginning to understand that. However, it can also have a major impact on a share price post-breach. You see 2-3% being knocked off in the medium term. The ongoing damage is very measurable,” he said.
Mr Larkin said executives and their IT departments had to improve communication in order to get better at dealing with cybercrime.
“There is a communication gap, as in how much is really understood by executives when it comes to technical language by IT professionals. That must get better and companies must work to try and create a common language,” he said.