Splunk Chief Strategy Advisor for Europe, James Hodge, emphasises the importance of cyber resilience for businesses and highlights which businesses are most at risk of attacks.
Category
🗞
NewsTranscript
00:0010 trillion euros is the estimated cost of the cyber threat in 2025.
00:05If people don't take cyber resilience as the most important thing they can be doing,
00:09they're going to fail as a business.
00:16Welcome to The Big Question.
00:18This series from Euronews where we address
00:20some of the most important issues on the business agenda.
00:23Today I'm joined by James Hodge,
00:25the Chief Strategy Advisor for Europe at Splunk.
00:27So thank you very much for joining me today, James.
00:29Cyber security is a growing conversation
00:31and we're hearing lots of reports that the threat is getting bigger and bigger.
00:34But can you just put in perspective,
00:35how much of a problem is the cyber threat to the European economy?
00:38I think if you just look at it globally, it's a huge threat.
00:4110 trillion euros is the estimated cost of the cyber threat in 2025
00:46and by 2029 I think that's going to grow by 64%.
00:50It is, I think, one of the biggest topics of our time at the moment
00:53as we're going through this new digital boom.
00:55Can you just explain exactly what a cyber attack looks like?
00:57Everything is digital nowadays.
00:59So I think what a cyber attack really is,
01:01is someone has found a way into my infrastructure
01:04and either steal information from it
01:07or they might block access to that or delete it.
01:11So the impact of that can be really large.
01:13If you think from a hospital point of view
01:15or anything critical infrastructure,
01:17the impact of maybe something very simple
01:19like a patient booking system being unavailable
01:22or the system in hospital to go and get blood tests
01:25being able to be locked out can have a catastrophic consequence.
01:28So when you think about what those types of cyber crimes are,
01:31typically they are either something called a distributed denial of service attack.
01:35I think last year that counted 46% of all attacks on businesses
01:39where they just flood the business with lots of requests.
01:43Imagine lots of people are just shouting at you
01:45and you now don't know what to do.
01:47Or ransomware, where an operating system comes up
01:50and asks you to update your software.
01:52If you don't do that, you may be vulnerable to one of these types of attacks.
01:56Someone gets into your computer and locks you out
01:59and then extorts you for money to go and get access to it back.
02:02And we're definitely seeing that on the rise.
02:04After a company has been attacked, what does that actually mean for a business?
02:07I think the first thing that happens when a company gets attacked
02:10is you get this period of uncertainty.
02:13You're trying to get into the essence of what happened.
02:16Really what we have is failure.
02:18And failure starts to bring in doubt.
02:20The next time you want to do some innovation,
02:22you want to roll out a new piece of software,
02:23you've always got it at the back of your mind.
02:25Have we got this right? Have we protected it a bit more?
02:27And you start to stutter. You start to lose that pace of innovation.
02:30And now the speed of innovation in the marketplace
02:33is potentially the most important thing
02:36because it's so competitive.
02:38But you can't do this at the cost of failure and cyber breaches
02:41because trust is paramount to running a business.
02:45It takes about 75 days to recover from those cyber incidents.
02:48In terms of cost, we did some work last year
02:51on a report called Cost of Downtime
02:53that looked at the global top 2,000 businesses.
02:55And on average, each business could attribute
02:59around €195 million of cost to downtime,
03:02€44 million of which was lost profit.
03:11Is there a big difference between the protection that different businesses have?
03:15Take the European Union.
03:17Businesses that are less than $250 million of revenue
03:21are twice as likely to have a cyber breach
03:24than a business that's over $5 billion of revenue.
03:27Why?
03:28Because businesses over $5 billion of revenue
03:30are really heavily investing in cyber protection,
03:33cyber best practices,
03:35whereas businesses under $250 million
03:37might be much smaller,
03:39they might be on that meteoric rise
03:41as they're going through that innovation pace,
03:43so they haven't thought about it.
03:45So is there a greater knock-on effect
03:47of those businesses being at risk?
03:49Big corporations quite often look to the SME community
03:52to go and take that unique innovation
03:54and then start to embed that into what they do.
03:56There's two knock-ons.
03:58One is we might end up having those big services
04:00provided by big corporations.
04:02The other side is we are potentially squashing innovation
04:05and slowing down innovation that is incredible.
04:08And so it's getting that right,
04:10promoting cyber best practices,
04:12it's not a bad thing,
04:13and really unlocking that innovation
04:15and potential that we can go and have.
04:17As technologies progress,
04:19is that making the cyber risk worse
04:21or is it aiding the fight, do you think?
04:23I think it is adding a huge amount of complexity.
04:25As we get more advances in technology,
04:27the opportunity to be creative,
04:29bring something new into the world,
04:31get first to market,
04:33really is exciting.
04:35If you think about technology today
04:36compared to 20 years ago,
04:38it's liberating.
04:39It's one word you could use for it.
04:41But it's also increasing your attack factors,
04:43your surface of what could be attacked,
04:45is going up so much more.
04:47What can be done to help reduce the risk for businesses
04:51and maybe reduce any gaps in the armour?
04:53When a business thinks about risk,
04:56the first thing they shouldn't be doing
04:57is thinking about technology.
04:58The favourite thing I like is pre-mortem.
05:01Thinking about,
05:02okay, we're going to launch something,
05:04this is going to fail.
05:06How could it fail?
05:08Before, what we used to have
05:10would be a single department
05:11we'd go and think about.
05:12It might have been IT.
05:13Then cyber might have thought about that
05:14later on just before release.
05:16Whereas now it's much more of a cross-functional issue.
05:19We have legal, we have compliance,
05:21HR starting to get involved,
05:23sales, marketing, IT, cyber.
05:26So when a business starts to think about cybersecurity,
05:29they first should be thinking cross-functionally
05:31on what could go wrong,
05:32what is the impact of this,
05:34and let's plan for that failure
05:36and then go and get prepared for that.
05:38Because that creates the right culture
05:40that you can then go and accelerate the technology.
05:42Rather than thinking,
05:43technology is this magic silver bullet
05:44and that's going to protect us from everything.
05:46Looking to the future,
05:47how do you see the cyber threat developing?
05:50One of the things that ANISA,
05:51the European Cybersecurity Agency,
05:53came out with in their 2024 report
05:55was that 26% of attacks were ransomware attacks
06:00and they're seeing that rise.
06:01The World Economic Forum,
06:02in their 2025 cybersecurity assessment,
06:05said that 74% of the respondents
06:07said that cybersecurity attacks were on the rise.
06:11So it's getting more complicated,
06:13but we are seeing more international cooperation.
06:15There's a big operation
06:16to go and take down ransomware as a service providers.
06:20So Lockbit, very famous,
06:22got taken down with a joint operation
06:24between the United States, the UK, Interpol,
06:28Europol, and other organisations around the world.
06:32So I'm starting to see governments
06:33also see this as a competitive advantage
06:35to go and work together
06:37to be able to go and secure people
06:39as much as possible
06:40and go and set up as much best practices
06:42to go and combat that race between cyber criminals
06:46and the rest of the world.
06:48And finally, if companies don't address this issue,
06:51will the potential problem grow?
06:52What could be the impact
06:53for the European economy going forward?
06:55If people don't take cyber resilience,
06:57digital resilience,
06:58as the most important thing they can be doing,
07:01they're going to fail as a business
07:02and if you think about 10 years ago,
07:04near the pace of innovation
07:06to the pace of innovation today,
07:08it's just breathtaking
07:09and those advances are only going to go and increase.
07:12At school, I was rubbish at art.
07:14I think my school art report said,
07:15James enjoys art.
07:17Yeah, a good conversation with a chat GPT
07:19and I can create amazing ideas.
07:21So what it can do is incredible.
07:23Now apply that to the technology space,
07:25to what you can do with 3D printing.
07:26That is breathtaking.
07:28What we actually need is creative minds
07:30that can now work with technology.
07:31If we don't then think about the resilience of that,
07:34we're always going to be on the back foot
07:36because we're always thinking about protection agenda
07:39rather than a growth and an innovation agenda
07:42because we've not thought about security
07:43by first principles.
07:44Thank you so much for your insights today.
07:45It's been fascinating
07:46and thank you for joining me on The Big Question.
07:48Thank you very much.