From: Financial Times
By Gillian Tett
Many companies terrified of talking publicly about issue
It was at the World Economic Forum meeting in Davos six years ago that I first became seriously worried about the credit bubble. It was clear then, in January 2007, that problems were developing in complex credit. But it was also clear that the public and private sector were in widespread denial.
That partly stemmed from an “agency dilemma”, as economists say: although there was plenty of unease about complex credit, no single company or government official wanted to blow the whistle, in case they suffered stigma or created panic. Thus it was frustratingly hard to pin down tangible names or numbers to articulate my fears; all I heard were whispers in Davos corridors.
This week I have experienced an echo of this pattern at the 2013 WEF meeting. But this time my unease does not revolve around any financial threats, but another issue – cyber security. Most notably, after chatting to corporate executives at Davos this year, it is clear many are suffering a deluge of cyber attacks. Some of these emanate from teenage hackers, or opportunists trying to steal money or secrets; but many seem more malign, security experts say, with the potential to disable corporate systems or critical infrastructure.
However, as in 2007, an “agency dilemma” is at work. In recent months, some companies (such as HSBC, Wells Fargo or Lockheed) have been forced to admit to suffering cyber attacks, after the penetration has become visible. But this is just the tip of a vast iceberg, and the overwhelming majority of companies today are terrified of talking too publicly about the issue, for fear of suffering stigma or sparking panic.
That means it is tough for any outsider to get precise information about the overall scale of attacks. It is even tougher for shareholders to work out the degree to which individual companies are being targeted.
Indeed, such is the reluctance to speak in public that while this year’s Davos meeting has conducted panel debates on the issue, there were almost no CEO participants at all; and it is hard to find an annual corporate report that delves into this issue in detail.
Nevertheless, the whispers in the Davos corridors are sobering. The head of one big consultancy group, for example, says some global clients are experiencing around “15,000 attacks a day”. The chief executive of a large global bank says his institution is experiencing “10 times that” level of attack.
Utilities (such as electricity networks) are suffering on a similar scale. Even hospitals are being attacked. “We found out a couple of weeks ago that we have been penetrated 180 times recently – it was a complete surprise,” the head of one big American hospital group told me. Or as a top executive of a US tech group observes: “The attacks are increasing exponentially. The question is not if, but when, something really bad occurs.”
Leave a Reply