Following the latest wave of cyber attacks locally, companies are being urged to beef up their cybersecurity strategies to insulate themselves from the strongholds of more devastating future breaches.

Speaking with the Jamaica Observer this week, acting CEO of managed IT services company tTech Limited Norman Chen encouraged entities within both the public and private sectors to move away from their reliance on traditional forms of protection to engage the use of more modern methods which are grounded in tighter encryption and 24-hour monitoring and surveillance.

“The traditional forms of security are not enough to protect companies from a lot of these attacks which, over the years, are becoming much more sophisticated and need to be backed by systems having greater intelligence.

“Companies, therefore, need to begin to view cybersecurity as a major part of their business which needs to be treated of utmost importance and not just left up to their respective IT departments but dealt with from top-down,” he stated, noting that the prevalence of attacks in the last few years has been definitely pushing more companies to get serious in this regard.

Witnessing significant growth in clientèle, he said the demand for added cybersecurity protection by a number of companies across all industries has also been positively adding to the bottom line of his company, helping the company to reverse losses incurred in the prior year period.

The solutions most sought after, he said, included those along the range of penetration tests, encryption evaluation and network security assessments.

“In light of growing attacks I would definitely say that more companies have been seeking to add greater cybersecurity protection to their businesses. This is evident in our security portfolio which now ranks as the fastest growing,” Chen told the Business Observer.

With the provisions of the Data Protection Act set to take effect come December 1, 2023, deputy information commissioner in the Office of the Information Commissioner (OIC) David Grey further reminded companies or data controllers of the responsibility they have in ensuring that customer data remains safe.

“In light of the increase in cyber attacks worldwide and generally as is happening locally, the OIC is encouraging all businesses to take the most reasonable steps to look at their information technology [IT] systems in order to ensure that the relevant controls are in place and that security remains robust so that in the event of an attack, efforts will be thwarted,” he said.

He said that while currently there is no onus on companies to report breaches since there remains a few more months before the legislation takes full effect, in the interim it is, however, prudent for companies to get in line as they make themselves ready and not having to face possible sanctions if they fail to notify the OIC of breaches or to undertake the prescribed actions.

Under the provisions of the Act, companies could face penalties ranging from a simple warning for minor breaches to more serious punishment including fines and/or imprisonment. Under section 68 of the Act — a fine could range from $2 million on the bottom end to a high of four per cent of gross annual worldwide turnover of a company.

IT consultancy firm Symptai Limited, through the recent launch of its Jamaica Data Protection Act course, is seeking to equip individuals and corporates with the necessary knowledge needed to navigate requirements under the Act when it becomes fully implemented on November 30, 2023.

“We understand that the technical implementation of the Act may be difficult, so we have compiled some resources that will help businesses on their journey to compliance. The knowledge gained will assist participants in developing and implementing effective data privacy programmes,” a notice from the company stated.

With a slew of local companies including the Jamaica National Group, Massy and more recently, investment company Mayberry and the national surveillance system Jamaica Eye among those having fallen prey to cyber attacks, more companies have been moving to have added layers of protection as they try to dodge the bullet of cyber intrusion.

In the case of food and financial services conglomerate GraceKennedy (GK), its CEO Don Wehby said that to date significant sums have been spent to bolster systems and to provide mandatory security training sessions for staff and board members to safeguard its operations as best as possible.

“In response to increasing cyber attacks across the globe, GK has taken additional steps to safeguard our users, IT infrastructure and customer data. Over the past year we have invested approximately US$500,000 in additional monitoring, threat intelligence, end-point detection and response systems. We have also engaged industry leading cybersecurity experts to provide ongoing assessments for continuous improvement,” he told the Business Observer.

According to the findings of a PwC global insight report done last year, more than 70 per cent of CEOs across some 3,500 companies worldwide had indicated that they would be increasing their cyber budgets going forward especially as hackers become more daring and nefarious and breaches very damaging. Data from the study also outlined that with last year deemed one of the worst for cybersecurity, the expectation was for it to be worst this year fuelled by more serious attacks. Already, confirmed data breaches across the globe have moved from costs of US$1 million to US$20 million within the last three years.

Locally a number of other large corporates, with businesses cutting across operations in a number of industries, have also had to, within the last few years, ramp up investments in cybersecurity as they move to ward off potential attacks and cyber attack-proof their systems.