Kathmandu: A UK-based cyber security expert, Niranjan Kunwar, has called upon companies to adopt a holistic strategy for cybersecurity.
Making a presentation at the two-day international conference on Crimes of the Digital Age: Anticipation and Response on Thursday, Mr Kunwar, Chief Technical Officer and Chief Information Security Officer of Genese Solution, a UK-based value IT and cybersecurity consulting company, said there was an urgent need for a paradigm shift in addressing cybercrime, transitioning from a reactive, IT-focused stance to a proactive, business-centred strategy.
Addressing the conference organised by the Office of Attorney General, Government of Nepal, Mr Kunwar said that, as cybercrime continues to pose significant financial, reputational, operational, and regulatory risks, cybersecurity must be treated as a core business imperative. He advised companies to adopt a holistic cybersecurity framework built around three key pillars: people, processes, and technology. The people pillar stresses continuous security awareness training and cultivating a robust security culture with leadership support.
The process pillar focuses on business continuity planning, incident
response, and regular audits. The technology pillar advocates a layered security
model, including endpoint detection, data encryption, vulnerability management, and
secure software development practices, he said.
Mr Kunwar, who brings more than 25 years of experience working in the
sector, advised that in order to combat cybercrime, companies should use
frameworks like the NIST Cybersecurity Framework, create a prioritised roadmap aligned
with business and IT goals, and execute it. By embracing this comprehensive
approach, organisations can enhance their cyber resilience and proactively address
the escalating risks posed by increasingly sophisticated cybercrimes, he said.
“Cybersecurity can no longer solely be an IT concern; it's a critical business
imperative. A single cyber incident can inflict significant financial losses, reputational
damage, operational disruption, and regulatory fines, potentially threatening an
organisation’s very existence,” said Mr Kunwar.
Cybercrime has become one of the costliest risks for organisations. The global
average cost of a data breach reached $4.88 million in 2024. These costs include
immediate expenses such as breach detection and containment, alongside long-term
impacts like customer attrition and reputational damage, he added.
Mr Kunwar warned that the reputational fallout from cybercrime could be
devastating. A breach erodes customer trust and can deter potential clients or
partners from engaging with an affected organisation. For example, the Marriott
breach, which exposed sensitive customer data, resulted in a $52 million fine and
widespread reputational harm, he added.
Mr Kunwar said that governments and regulators were increasingly imposing
penalties on organisations that fail to protect data and comply with cybersecurity
standards. British Airways faced a £20 million fine for GDPR violations after a breach
exposed customer information. Non-compliance not only results in financial penalties
but also damages public and regulatory trust.
How to prevent and mitigate cyberattacks
Mr Kunwar said that in the face of escalating cybercrime, business leaders have the
choice and power to drive meaningful change. “The time has come to move beyond
questioning ‘if’ a cyberattack will occur to asking ‘how’ it can be prevented and
mitigated, and ‘what’ actions must be taken to protect the organisation. By shifting
the paradigm and asking the right questions, leaders can shape effective
cybersecurity strategies that align with their organisation’s broader objectives,” he
added.
Elevating cybersecurity to a core component of enterprise risk management ensures
that it is integrated into decision-making at every level, aligning defences with the
organisation’s overall strategy and goals, said Mr Kunwar.
Empowering leadership with knowledge and data is essential for driving effective
cybersecurity strategies. Too often, cybersecurity discussions rely on fearmongering,
which can lead to reactive decision-making. Instead, organisations should focus on
providing executives and directors with clear, actionable insights that enable them to
make informed decisions. Training programs, threat intelligence reports, and
real-time metrics can help bridge the knowledge gap, fostering a culture of informed,
proactive leadership, he said.
“While technology alone cannot eliminate cybersecurity risks, it forms the backbone
of a strong security strategy. A layered defence approach ensures that vulnerabilities
are addressed at multiple levels, reducing the likelihood of successful attacks,” said
Mr Kunwar, adding, “By adopting a layered technology approach, organisations can stay
ahead of cybercriminals, strengthen defences, and ensure long-term security.
Secure configurations, proactive monitoring, and strong authentication controls
create a robust security posture that protects both business and customer assets.”
Mr Kunwar said that cybersecurity is not just an IT issue but also a pressing
business challenge that demands a proactive and comprehensive response. The
escalating sophistication of cyber threats, coupled with the increasing reliance on
digital technologies, has made cybersecurity a critical business priority.
Organisations must evolve from a reactive, siloed mindset to a proactive, integrated
approach that aligns cybersecurity efforts with broader strategic goals, he said.
Prime Minister K P Sharma Oli inaugurated the conference, which is being attended by prosecutors, investigators, scholars, practitioners, and professionals in the fields of law, criminology, AI, cybersecurity and digital currencies from over a dozen countries.