Large-scale, carefully targeted cyber-attacks are threatening companies and state institutions like never before.
Whatever the objective of the criminals, be it enrichment or destruction, these intrusions into information systems raise enormous challenges for victims. The economic cost of recovery can be high, but the main issue is that attacks put reputations at risk.
The US retailer Target spent an estimated $252m to restore security and confidence after the private information of 70 million customers was stolen in 2013. Intruders hacked the software installed to pilot heating systems in retail outlets in order to gain access to Target's critical information. The company selling this system collapsed soon after the event.
Business firms need to take cybersecurity seriously. They must invest in technical and behavioural protections. But reaching total protection is an illusion.
Security, like doping, is like an innovation race: hackers identify and step into security breaches, experts plug the gaps, then crooks find new ways to break in.
Companies should increase protection and prepare themselves to face cyber-attacks. The question is not "are we going to get hacked?", but "when are we going to get hacked?"
At the same time, more and more businesses are moving towards the cloud. More than half of big US companies have already done it. Instead of infinitely investing in computer infrastructure, they use third-party servers to store and process their data. Cloud computing is popular because providers offer high-capacity networks and computing power, low costs and good adaptability, thanks to a "pay per use" model.
The main cloud computing providers are well-known: Amazon Web Services (AWS) controls about half the market. Microsoft Azure is about one third the size of AWS. Relatively smaller actors include Google, IBM and Oracle. These companies have achieved impressive growth rates over the last five years, sometimes higher than 100% per year. And they continue to invest in computer and network capabilities, in machine learning and artificial intelligence, creating more and more services.
These companies have no choice than to be among the most secure businesses in the world. Their internet-based core businesses simply cannot afford to be disrupted by cyber-attacks. Look at what happened to Yahoo after its 2016 security breach was released. Verizon Communications was about to buy Yahoo for $4.8bn in July 2016, but the revelation of a data theft contributed to a drop in the sale price to $4.48bn in February 2017. Security is undoubtedly an essential business requirement for the main players in the internet and the cloud.
Consequently, it's likely that Amazon, Microsoft and others will benefit from the rise of cyber-attacks. As these firms are reputed for their expertise in security, other companies would do well to accelerate the movement of their information systems into the cloud. They will profit from the classic cloud advantages, but also from the advantage of locating their data in an environment perceived as safe.
Cyber-attacks destroy victims' value. But cyber-attacks are likely to create huge value for the few dominant cloud actors.
Philippe Very is professor of strategic management and head of faculty at EDHEC Business School.
Newsweek's Structure Security conference on September 26-27 in San Francisco will highlight the best practices that security professionals are using to protect some of the world's largest companies and institutions, join us for two days of talks, workshops and networking sessions with key industry players - register now.