28th February 2025, Kathmandu
A UK-based cybersecurity expert, Niranjan Kunwar, has called upon companies to adopt a holistic strategy for cybersecurity. Making a presentation on Thursday at the two-day international conference on Crimes of the Digital Age: Anticipation and Response, Mr Kunwar, Chief Technical Officer and Chief Information Security Officer of Genese Solution, a UK-based value IT and cybersecurity consulting company, said there was an urgent need for a paradigm shift in addressing cybercrime, transitioning from a reactive, IT-focused stance to a proactive, business-centred strategy.
Addressing the conference organised by the Office of Attorney General, Government of Nepal, Mr Kunwar said that as cybercrime continues to pose significant financial, reputational, operational, and regulatory risks, cybersecurity must be treated as a core business imperative. He advised companies to adopt a holistic cybersecurity framework built around three key pillars: people, processes, and technology. The people pillar stresses continuous security awareness training and cultivating a robust security culture with leadership support.
The process pillar focuses on business continuity planning, incident response, and regular audits. The technology pillar advocates a layered security model, including endpoint detection, data encryption, vulnerability management, and secure software development practices, he said.
Mr Kunwar, who brings with him over 25 years of experience working in the sector, advised that to combat cybercrime, companies should use frameworks like the NIST cybersecurity framework, create a prioritised roadmap aligned with business and IT goals, and execute it. By embracing this comprehensive approach, organisations can enhance their cyber resilience and proactively address the escalating risks posed by increasingly sophisticated cybercrimes, he said.
“Cybersecurity can no longer solely be an IT concern; it's a critical business imperative. A single cyber incident can inflict significant financial losses, reputational damage, operational disruption, and regulatory fines, potentially threatening an organization’s very existence,” said Mr Kunwar.
Cybercrime has become one of the costliest risks for organisations. The global average cost of a data breach reached $4.88 million in 2024. These costs include immediate expenses such as breach detection and containment alongside long-term impacts like customer attrition and reputational damage, he added.
Mr Kunwar warned that the reputational fallout from cybercrime could be devastating. A breach erodes customer trust and can deter potential clients or partners from engaging with an affected organisation. For example, the Marriott breach, which exposed sensitive customer data, resulted in a $52 million fine and widespread reputational harm, he added.
Mr Kunwar said that governments and regulators were increasingly imposing penalties on organizations that fail to protect data and comply with cybersecurity standards. British Airways faced a £20 million fine for GDPR violations after a breach exposed customer information. Non-compliance not only results in financial penalties but also damages public and regulatory trust.
How to prevent and mitigate cyberattacks
Mr Kunwar said that in the face of escalating cybercrime, business leaders have the choice and power to drive meaningful change. “The time has come to move beyond questioning ‘if’ a cyberattack will occur to asking ‘how’ it can be prevented and mitigated, and ‘what’ actions must be taken to protect the organisation. By shifting the paradigm and asking the right questions, leaders can shape effective cybersecurity strategies that align with their organisation’s broader objectives,” he added.
Elevating cybersecurity to a core component of enterprise risk management ensures that it is integrated into decision-making at every level, aligning defences with the organisation’s overall strategy and goals, said Mr Kunwar.
Empowering leadership with knowledge and data is essential for driving effective cybersecurity strategies. Too often, cybersecurity discussions rely on fearmongering, which can lead to reactive decision-making. Instead, organisations should focus on providing executives and directors with clear, actionable insights that enable them to make informed decisions. Training programs, threat intelligence reports, and real-time metrics can help bridge the knowledge gap, fostering a culture of informed, proactive leadership, he said.
“While technology alone cannot eliminate cybersecurity risks, it forms the backbone of a strong security strategy. A layered defence approach ensures that vulnerabilities are addressed at multiple levels, reducing the likelihood of successful attacks,” said Kunwar, adding, “By adopting a layered technology approach, organisations can stay ahead of cybercriminals, strengthen defences, and ensure long-term security. Secure configurations, proactive monitoring, and strong authentication controls create a robust security posture that protects both business and customer assets.”
Mr Kunwar said that cybersecurity is not just an IT issue but also a pressing business challenge that demands a proactive and comprehensive response. The escalating sophistication of cyber threats, coupled with the increasing reliance on digital technologies, has made cybersecurity a critical business priority. Organisations must evolve from a reactive, siloed mindset to a proactive, integrated approach that aligns cybersecurity efforts with broader strategic goals, he said.
Prime Minister of Nepal Mr K P Sharma Oli inaugurated the conference being attended by prosecutors, investigators, scholars, practitioners, and professionals in the fields of law, criminology, AI, cybersecurity, and digital currencies from over a dozen countries.