Cyber incidents have emerged as the fastest growing business risk in 2016, and damage to reputation is now the single greatest economic loss they cause.
It’s not often that experts agree, but the cyber risk tsunami is recognised around the world as one of the most dangerous sources of organisational and reputational crises.
According to the latest Allianz Risk Barometer, which surveys over 800 risk experts from more than 40 countries, businesses appear less concerned about traditional crisis risks such as natural disasters, fire and explosion, while the major developing business risk is cyber incidents – including cyber-crime, data breaches and IT failures. Moreover, the survey respondents identified cyber incidents as the top emerging risk over the coming decade, way ahead of business interruption and terrorism.
These results should come as no surprise. For example, the Business Continuity Institute’s latest Horizon Scan report identifies cyber-attack as the number one threat to business. And CEO Arno Brok of the Australian Information Security Association has advised his members that not only do experts agree about the rising threat of cyber security in 2016, but he warns that the global cyber security industry “continues to lose ground to the bad guys in cyber space.”
The reasons for this increased threat are not hard to find. Software security giant Symantec, reports driving factors include the explosion of digitization and smart technology, growing inter-connectivity with the Internet of Things, and smarter cyber criminals. Furthermore, they predict that attacks on critical infrastructure will also rise.
As with all areas of crisis management, preparedness and prevention is the key. Cyber security expert Jens Krickhahn says research shows cyber incidents are often identified not by the business itself but by the customer or another stakeholder, which is another reason why cyber crises pose such a threat to the reputation. And if companies act only when an attack has already happened, their best possible outcome is to minimize damage.
The impact on individual organisations is massive, yet many are still woefully unprepared. The Allianz survey identified what is preventing companies from being better prepared against cyber risk, and the answer is depressingly predictable. Lack of understanding (48%); Haven’t yet fully analysed the financial value of the risk (46%); and Budgetary constraints (39%).
Google and McAfee estimate that there are 2,000 cyber-attacks every day around the world, costing the global economy about $460 billion a year. And of course only a handful of the most serious breaches ever make the headlines.
So, what can you do? Late last year the BBC’s Technology of Business unit canvassed cyber security experts about how organisations can be better prepared.
- Protect your data, not just the perimeter – identify and protect the priority data
- Know your data – understand what you have and directly attach multi-factor authentication and encryption
- Wake up to the insider threat – employees may be your greatest risk
- Increase vigilance – monitor systems more effectivel
- Get to grips with mobile – manage staff use of their own mobile devices for work purposes
- Spend more money and time on cyber security – it’s not just an IT problem
Let’s give the last word to John Stewart, CSO of Cisco: “You’re eventually going to be hit. It’s not worth the effort of thinking you won’t be hit. It’s no longer a relevant conversation”