So much cybersecurity focus is on the tangible damage done to business, but what about the intangibles? As more and more high profile hacks rock the corporate environment, how do brands retain trust?
CiscoLive 2015, at Melbourne Convention and Exhibition Centre, hosted a cybersecurity panel asking exactly that.
The panel consisted of Cisco's senior vice president and chief security and trust officer, STO, John Stewart, Telstra's CISO, Mike Burgess, Cisco's VP and CTO, security business group, Bret Hartman, National Australia Bank's CSO, David Powell, and the Australian Cyber Security Research Institute's CEO, Gary Blair.
Crime and espionage in the cyber world is now occurring at an unprecedented scale, and last year's headline hacks, Sony Entertainment and Target, demonstrate that the loss of data is now a foreseeable consequence, if not inevitable.
Burgess believes that these high levels hacks have not only brought cybersecurity to the forefront of industry minds, but to the general public - and thus have rapidly become a board level problem.
Stewart agreed, noting that every business in the modern world is now an IT corporation, "whether they like it or not."
"What really happens when something critical has been taken away? It is now more than just about your ability to generate revenue, your value is lost," he said.
"So why are boards getting involved? Because it affects the entire business model."
Blair is more philosophical, but believes that the tangible and intangible are not entwined.
"Trust is something that can be added to, or taken away - but it is always a finite element."
Even when boards are trying to do the right thing and implement security frameworks to protect the business, the modern business environment often means that there are too many frameworks to work with, most are very hard to digest, and the channel will always struggle to implement them when there are so many differing needs from the customer. The industry suffers from a lack of standardisation, but simultaneously, not every shoe fits every foot.
As Stewart adds, oftentimes once a framework has been implemented, perhaps over the course of years in the case of large businesses, the market has already moved on. The fact is, even if a framework is implemented, these businesses may well still be hacked.
What is quite frightening about these cybersecurity attacks, and the subsequent loss of trust in business entities, is that there is a very real risk of technological advancement going backward.
If banks, for example, aren't trusted with customer's personal information and funds in the virtual world, customers may well go back to more inconvenient methods - such as visiting banks for withdrawals, or jamming phone banking lines with calls to transfer money.
"This is why we need to get so many of these issues corrected. Because actually moving backwards from these systems would actually take us back to a place we dont know how to go back to," Stewart said.
Boston Consulting Group back in 2012 actually projected that the G20 online economy would be worth between $1.5 trillion and $2.5 trillion by 2016.
"The difference between those two numbers was trust. That's how large trust was projected to be in economic terms," Blair said.
Stewart believes that these kinds of statistics are already a reality in intangible terms today - it is already differentiating customers choice of companies. Apple, for example, is now a more trusted brand for compute than others, especially in the smartphone market via the iPhone, for better or for worse.
The opportunity for non business entities is approachable in similar terms - what if Australia become known, through a variety of corporate or legislative incentives, as the safest place in the world to store data? The US and China spy on data, other countries have poor infrastructure or other challenges - it would be easy for a country to step up and build its own trust system in the geopolitical sense - to become the 'Swiss Banking' of data.
Trust is also about how companies respond after data breaches, the manner in which they apologise, come forward and rectify the situation.
Cisco itself is no stranger to government spying, as it was found that the US government was installing backdoors into its equipment, and rival Huawei faces down the same challenges from its close ties to the Chinese government.
Stewart says there will always be an inherent risk once the product is in the supply chain (their breach allegedly occurred during Fedex transit), but that the company has made moves to protect its assets - and customers can pick up the product directly from the company, or its distributors, if need be. The majority of risk, he says, remains in operations, especially in the Cloud era, rather than in physical supply chains.
A scary note, most of the panel agreed, is that Australia is still incredibly backward when it comes to mandatory disclosure laws - there is no legal onus on any entity to share the fact that they've been breached with any legislative or executive body, let alone the consumer.
Building trust with your service supplier, in any industry is key, and Stewart believes that, minus government involvement, consumers should be approaching their partners to demand accountability.
The other risk with mandatory disclosure is 'white noise'; namely, that there are so many breaches occurring consistently that we all become numb to it, whether it makes an impact or not.
The key opportunity is that the amount of connectivity a nation has, directly correlates with their GDP growth, Stewart says. So as a world of internet of things evolves, the more attention we need to give to security to ensure it remains a viable enterprise.
In terms of the sophistication of the Australian private sector when it comes to cybersecurity, Blair says that the banks and telcos are near the top in the world, but that "it falls away quickly after that" with energy companies, critical infrastructure and lower down assets not as secure as they should be.