Companies fear ‘cyber fatality’ after Target attack
The recent data breach at U.S. retailer Target, in which the personal data of at least 70 million customers were stolen, is an all-too harsh warning of the global threat of cybercrime.
Economies, companies and citizens are all at risk from having data stolen and the consequent sudden financial loss, according to analysts.
Ken Allan, global information security leader at professional services firm EY, said there was a growing fear, particularly among U.S. companies, of a "cyber fatality", where the scale of a breach was so damaging, a company failed to recover.
"This is not something that is secondary anymore, this is absolutely mainstream and front-of-mind," Allan told CNBC in a phone interview.
Meanwhile, governments are highly concerned about cyberattacks. The U.K. affords cybercrime the same threat status as terrorism, while FBI Director James Comey has said cyber-attacks are surpassing terrorism as the major threat in the U.S.
Companies unprepared for attacks
Cybercrime is on the rise. Nearly a third of the 1,900 global senior executives surveyed by EY reported the number of security incidents within their organization had increased over the 12 months up to October 2013. CNBC's own Global CFO Council survey showed 83 percent of respondents were worried about cyberattacks.
Although almost half of the companies surveyed said they planned to increase spending on security, experts said firms failed to recognise the severity of the cyber-threat and were inadequately protected.
"This sort of thing is often delegated to the IT departments, when it should be discussed at a boardroom level," David Cook, solicitor advocate in the regulatory team at law firm Pannone, said in a phone interview. "More often than not, nobody has been bothered to look at the security vulnerabilities in a company until it's too late."
Virtual crimes can be committed in a number of ways, from simple spam emails containing viruses to complex attacks aiming to bring down a network. And the financial risk to the global economy is very real, costing around $300 billion annually, according to a report by the Washington-based Center for Strategic and International Studies.
With hackers continuously looking for new ways to attack, companies are left trailing behind. Ernest Hilbert, former FBI agent and head of cyber investigations for EMEA at risk consultancy Kroll, thinks companies should be proactive in order to counter hackers.
"If your stuff is stolen, go and get it back. Because if you don't go after them in the media, and go and sue them, then what is the downside risk for the criminals?," Hilbert told CNBC in a phone interview. "You can track the people down, put their finances on hold, and companies should do it."
Is personal data safe?
Customers' personal information is one of the tastiest pieces of data for hackers to target, as credit card details, addresses and emails can potentially be accessed.
Facebook admitted it was hacked last year in what it called a "sophisticated attack" and Sony's PlayStation Network suffered a security breach in 2011 putting the data of 70 million subscribers at risk.
"The risk to which we are exposed every day, having our personal data in the database in a company which we do business with, and the fact that those companies are not always ready to protect our personal data, is a risk far higher than anything to citizens all around the world," Paolo Balboni, scientific director at the European Privacy Association, said in a phone interview.
(Read more: The Snowden effect? Whistleblowing sees sharp rise)
As companies grapple to strengthen their security, individual users who transfer data everyday must also be responsible, one expert said.
"People think that only smart hackers can protect a system. This idea spreads like the flu. But in the same way people understand that they cannot spread flu, they need to keep a high level of hygiene on their computers and make it harder for criminals to take advantage of the systems," Tim Watson, director of the Cyber Security Centre at the U.K.'s De Montfort University, told CNBC.
"We don't need the internet army to prevent this, we need a group of health professionals," he added.
—By CNBC's Arjun Kharpal: Follow him on Twitter