Business
IT security is not a cost, but a business investment

By Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic
Justifying investments in new or additional cyber security initiatives to the board, can be a particular challenge for IT security professionals. Part of the problem is that the C-suite typically views IT security as a cost centre rather than an asset that can add value to business processes. Unfortunately, this means that when the time comes to review budgets, IT security is one of the first departments to be at the sharp end. But times are changing. Data breaches, like those at BA and Marriott International, both of which resulted in multi-million-pound fines, have ushered in a new era where investment into data security has direct repercussions for the boardroom, and the bottom line of the business.
To ensure IT security is given the necessary funding to protect the business, CISOs must work closely with CFOs to set smart business metrics that clearly demonstrate securities strategic value.
The strategic imperative

Joseph Carson
Thycotic research shows that CISOs struggle to secure enough funding and support from their boards to achieve their cyber security goals. According to the Cyber Security Team’s Guide to Success, one third (34 percent) say that they don’t get enough funding to implement additional security solutions. This could be down to the fact that a quarter (26 percent) report that their boards are not prioritising IT security as strategically important.
In such cases, it is not surprising that when reviewing budgets, IT security comes to the top of the list. Why would you want to prioritise investment in something if you don’t view it as of strategic importance? However, this would be a mistake. The perception of IT security purely as a cost centre will ultimately lead decision makers to think about how corners could be cut, and costs could be reduced. Following such an approach opens businesses up to security risks that could cost them significantly more in the long run. For instance, if a firm falls foul of the GDPR, it could end up having to pay a fine of up to the greater of four percent of its global turnover or €20 million.
Think people and business first
Clearly, CFOs aren’t cyber security experts, nor should they be expected to understand the minutiae of security initiatives. However, there needs to be better communication between the CFO and CISO in order to clearly demonstrate the business value of IT security and to make the necessary budgetary commitments. To this end CISOs need to be encouraged to take a “people & business first” approach, where they consider how any security initiatives can help their firm and its employees to more effectively accomplish tasks and goals. By thinking about non-security focused objectives, CISOs will automatically start thinking about issues in a business-centric way that will make their work easier for others outside the IT security team to understand and relate to.
This starts with talking about the right metrics. CISOs need to use metrics that clearly demonstrate to the board the business impact that they have made. This means re-thinking quantitative metrics that have little or no context or which are weighed down in jargon-filled parlance. For instance, reporting that so many thousands of vulnerabilities have been patched to show how busy the IT security team has been might seem impressive, but what does that actually mean for the business? CISOs need to paint a picture about how their activity is not only protecting the business, but also helping it to operate more effectively. Metrics that CISOs should use are those that show how security is protecting revenue, saving employees time or improving productivity. This is highlighted in the Thycotic research where 44 percent of respondents said that using data to demonstrate the wider business impact makes the biggest difference in how a security budget is allocated. It was also said to be the most important factor.
However, to be able to do this CISOs need to talk to their CFOs to find out exactly what the board needs in terms of efficiency savings, business goals and so on. They also need to have a conversation about any other areas of the business that could become more efficient with improved cyber defences, as well as finding the evidence for how much money has been saved thanks to IT security initiatives.
“It is time for security teams to spend more time listening to employees and their business goals” – Joseph Carson
Business
Euro zone business activity shrank in January as lockdowns hit services

By Jonathan Cable
LONDON (Reuters) – Economic activity in the euro zone shrank markedly in January as lockdown restrictions to contain the coronavirus pandemic hit the bloc’s dominant service industry hard, a survey showed.
With hospitality and entertainment venues forced to remain closed across much of the continent the survey highlighted a sharp contraction in the services industry but also showed manufacturing remained strong as factories largely remained open.
IHS Markit’s flash composite PMI, seen as a good guide to economic health, fell further below the 50 mark separating growth from contraction to 47.5 in January from December’s 49.1. A Reuters poll had predicted a fall to 47.6.
“A double-dip recession for the euro zone economy is looking increasingly inevitable as tighter COVID-19 restrictions took a further toll on businesses in January,” said Chris Williamson, chief business economist at IHS Markit.
“Some encouragement comes from the downturn being less severe than in the spring of last year, reflecting the ongoing relative resilience of manufacturing, rising demand for exported goods and the lockdown measures having been less stringent on average than last year.”
The bloc’s economy was expected to grow 0.6% this quarter, a Reuters poll showed earlier this week, and will return to its pre-COVID-19 level within two years on hopes the rollout of vaccines will allow a return to some form of normality. [ECILT/EU]
A PMI covering the bloc’s dominant service industry dropped to 45.0 from 46.4, exceeding expectations in a Reuters poll that had predicted a steeper fall to 44.5 and still a long way from historic lows at the start of the pandemic.
With activity still in decline and restrictions likely to be in place for some time yet, services firms were forced to chop their charges. The output price index fell to 46.9 from 48.4, its lowest reading since June.
That will be disappointing for policymakers at the European Central Bank – who on Thursday left policy unchanged – as uncomfortably low inflation has been a thorn in the ECB’s side for years.
Factory activity remained strong and the manufacturing PMI held well above breakeven at 54.7, albeit weaker than December’s 55.2. The Reuters poll had predicted a drop to 54.5.
An index measuring output which feeds into the composite PMI fell to 54.5 from 56.3.
But despite strong demand factories again cut headcount, as they have every month since May 2019. The employment index fell to 48.9 from 49.2.
As immunisation programmes are being ramped up after a slow start in Europe optimism about the coming year remained strong. The composite future output index dipped to 63.6 from December’s near three-year high of 64.5.
“The roll out of vaccines has meanwhile helped sustain a strong degree of confidence about prospects for the year ahead, though the recent rise in virus case numbers has caused some pull-back in optimism,” Williamson said.
(Reporting by Jonathan Cable; Editing by Toby Chopra)
Business
Volkswagen’s profit halves, but deliveries recovering

BERLIN (Reuters) – Volkswagen reported a nearly 50% drop in its 2020 adjusted operating profit on Friday but said car deliveries had recovered strongly in the fourth quarter, lifting its shares.
The world’s largest carmaker said full-year operating profit, excluding costs related to its diesel emissions scandal, came in at 10 billion euros ($12.2 billion), compared with 19.3 billion in 2019.
Net cash flow at its automotive division was around 6 billion euros and car deliveries picked up towards the end of the year, the German group said in a statement.
“The deliveries to customers of the Volkswagen Group continued to recover strongly in the fourth quarter and even exceeded the deliveries of the third quarter 2020,” it said.
Volkswagen’s shares, which had been down as much as 2%, turned positive and were up 1.5% at 164.32 euros by 1158 GMT.
Sales at the automaker rose 1.7% in December, at a time when new car registrations in Europe dropped nearly 4%, data from the European Automobile Manufacturers’ Association showed.
Like its rivals, Volkswagen is facing several challenges due to the coronavirus pandemic as well as a global shortage of chips needed for production.
It also sees tough competition in developing electrified and self-driving cars. The merger of Fiat Chrysler and Peugeot-owner PSA to create the world’s fourth-biggest automaker Stellantis adds to the pressure.
Volkswagen said on Thursday it missed EU targets on carbon dioxide (CO2) emissions from its passenger car fleet last year and faces a fine of more than 100 million euros.
The group is expected to release detailed 2020 figures on March 16.
($1 = 0.8215 euros)
(Reporting by Kirsti Knolle; Editing by Maria Sheahan and Mark Potter)
Business
Global chip shortage hits China’s bitcoin mining sector

By Samuel Shen and Alun John
SHANGHAI/HONG KONG (Reuters) – A global chip shortage is choking the production of machines used to “mine” bitcoin, a sector dominated by China, sending prices of the computer equipment soaring as a surge in the cryptocurrency drives demand.
The scramble is pricing out smaller miners and accelerating an industry consolidation that could see deep-pocketed players, many outside China, profit from the bitcoin bull run.
Bitcoin mining is closely watched by traders and users of the world’s largest cryptocurrency, as the amount of bitcoin they make and sell into the market affects its supply and price.
Trading around $32,000 on Friday, bitcoin is down 20% from the record highs it struck two weeks ago but still up some 700% from its March low of $3,850.
“There are not enough chips to support the production of mining rigs,” said Alex Ao, vice president of Innosilicon, a chip designer and major provider of mining equipment.
Bitcoin miners use increasingly powerful, specially-designed computer equipment, or rigs, to verify bitcoin transactions in a process which produces newly minted bitcoins.
Taiwan Semiconductor Manufacturing Co and Samsung Electronics Co, the main producers of specially designed chips used in mining rigs, would also prioritise supplies to sectors such as consumer electronics, whose chip demand is seen as more stable, Ao said.
The global chip shortage is disrupting production across a global array of products, including automobiles, laptops and mobile phones. [L1N2JP2MY]
Mining’s profitability depends on bitcoin’s price, the cost of the electricity used to power the rig, the rig’s efficiency, and how much computing power is needed to mine a bitcoin.
Demand for rigs has boomed as bitcoin prices soared, said Gordon Chen, co-founder of cryptocurrency asset manager and miner GMR.
“When gold prices jump, you need more shovels. When milk prices rise, you want more cows.”
CONSOLIDATION
Lei Tong, managing director of financial services at Babel Finance, which lends to miners, said that “almost all major miners are scouring the market for rigs, and they are willing to pay high prices for second-hand machines.”
“Purchase volumes from North America have been huge, squeezing supply in China,” he said, adding that many miners are placing orders for products that can only be delivered in August and September.
Most of the products of Bitmain, one of the biggest rig makers in China, are sold out, according the company’s website.
A sales manager at Jiangsu Haifanxin Technology, a rig merchant, said prices on the second-hand market have jumped 50% to 60% over the past year, while prices of new equipment more than doubled. High-end, second-hand mining machines were quoted around $5,000.
“It’s natural if you look at how much bitcoin has risen,” said the manager, who identified himself on by his surname Li.
The cryptocurrency surge is affecting who is able to mine.
The increasing cost of investment is eliminating smaller players, said Raymond Yuan, founder of Atlas Mining, which owns one of China’s biggest mining business.
“Institutional investors benefit from both large scale and proficiency in management whereas retail investors who couldn’t keep up will be weeded out,” said Yuan, whose company has invested over $500 million in cryptocurrency mining and plans to keep investing heavily.
Many of the larger players growing their mining operations are based outside of China, often in North America and the Middle East, said Wayne Zhao, chief operating officer of crypto research company TokenInsight.
“China used to have low electricity costs as one core advantage, but as the bitcoin price rises now, that has gone,” he said.
Zhao said that while previously bitcoin mining in China used to account for as much as 80% of the world’s total, it now accounted for around 50%.
(Reporting by Samuel Shen and Alun John; Editing by Vidya Ranganathan and William Mallard)