ALMOST three billion connected consumers and businesses search, shop, socialise, transact and interact every day using PCs and, increasingly, mobile devices. The digital economy, which contributed US$2.3 trillion to the G20’s gross domestic product in 2010 and will contribute an estimated US$4 trillion in 2016, is growing at 10% a year — significantly faster than the overall G20 economy.

The growth is even higher in developing economies, at 15% to 25% annually. Not only is the digital economy an increasingly important source of jobs but digital technologies are also enabling far-reaching social and political changes.

To be a champion in any industry, companies must leverage digital technology smartly to expand their offerings, improve their customer experience and streamline their operations. At The Boston Consulting Group, we see many companies already taking advantage of digital technology to win. However, we do not see as many companies actively thinking about the cyber security threat that comes with digital technology.

In the 2013 Sophos Security Threat Report, Malaysia was ranked the fifth riskiest country with a threat exposure rate of 17.4%. At the national level, the government is actively addressing this threat, leveraging the National Cyber Security Policy (NCSP) set by the National Security Council (Majlis Keselamatan Negara).

Companies must also strengthen their cyber security capabilities. As their customers and partners get connected, data security becomes a bigger concern. Between 2013 and 2014, cyber attacks doubled to 400,000. Moreover, such attacks are increasing in sophistication and impact.

Many global giants have discovered the massive scale of destruction by online criminals. Sony, the Japanese electronics manufacturer, fell prey last year to hackers who broke into the PlayStation systems and stole names, passwords and credit card details of over 70 million users. Restoring the system took the company over a month.

How much did this attack cost? Sony officially estimated losses of US$170 million but industry experts estimate the cost to be four or five times higher. Last December, Sony was again struck by hackers, who this time targeted Sony Pictures and leaked five films — hits for the month — and a torrent of internal emails that further damaged the company’s reputation.

Target and Home Depot, two powerful US chain stores, also fell victim to cyber crime. In both cases, criminals stole the payment card details of 95 million customers from the system. The scale of the crime electrified American public opinion until the Department of Homeland Security announced that hackers had attacked more than 1,000 US companies. Home Depot announced that the total cost to fix the security breach was US$62 million.

Given the scale and number of successful hacker attacks, companies should pivot from wondering if they will be a target of cyber criminals to preparing adequately for such attacks.

Digital giants such as Google and Facebook adopt the philosophy of “offence is the best form of defence”. Google has a special unit — a group of “good” hackers — whose task is to attack the company’s systems to identify their weaknesses before someone else does.

Such a professional approach, however, is rare. Most large corporations do not have an expert in cyber security on the board. Often, there is no awareness of the potential threat.

How can companies protect themselves? First, they need to systematically identify critical business functions. For example, in banking, these would be all points of contact with the client because the failure of ATMs or online transaction systems can undermine customer trust.

Second, establish security teams that act as cyber police to minimise loss and restore order as soon as an alarm is raised.

Third, embed cyber security in the organisation’s DNA. What does this mean? In the largest metropolises, even the best trained and funded security services will not be able to prevent all terrorist threats unless ordinary residents are sensitive to them. In London and New York, neighbours, passers-by and subway passengers inform most of the threats. Similarly, companies need to inform and train their employees.

Cyber threat is a question of when, not if. To avoid financial and reputational damage, companies should be ready for the “when”.

Ong Ching Fong is senior partner and managing director of The Boston Consulting Group

This article first appeared in Forum, The Edge Malaysia Weekly, on June 22 - 28, 2015.

Save by subscribing to us for your print and/or digital copy.

P/S: The Edge is also available on Apple's AppStore and Androids' Google Play.