The World Economic Forum’s (WEF) Global Risk Report 2018 lists cyber security breaches as one of the top global risks among business leaders in advanced economies. This is further underscored by a survey conducted by insurance broker Marsh and computer giant Microsoft. Of the more than 1,300 senior executives surveyed, 66% ranked cyber security among their organizations’ top five risk management priorities, about double the response in 2016.
However, although awareness of this risk is growing and investment in cyber risk management is increasing, cyber is still under-resourced in comparison to the potential scale of the threat. Only 19% of the Marsh/Microsoft survey respondents stated they were “highly confident” in their organization’s ability to mitigate and respond to a cyber event, and only 30% said they have developed a plan to respond to cyber attacks.
This is disconcerting because of the devastation cyber threats can wreak. According to the WEF, analysis suggests that the takedown of a single cloud provider could cause $50 billion to $120 billion of economic damage — a loss somewhere between Hurricane Sandy and Hurricane Katrina. And while it’s not a true apples-to-apples comparison, the annual economic cost of cyber crime is now estimated at north of $1 trillion, a multiple of 2017’s record-year aggregate cost of approximately $300 billion from natural disasters.
Businesses need not only to rank cyber as a high risk but also to estimate the financial impact of a cyber event on their organization, so that they can develop strategic plans and decide what cyber security and training investments should be made to stem potential losses. They also need to turn their attention to their resilience to cyber events, balancing preventative measures and their response in the event of an attack. Much like developing response plans for extreme weather events, companies need to have incident response plans that include the protocols and processes to follow in the event of a cyber attack. This is particularly salient as three-quarters of the respondents in the survey cited business interruption as one of the most worrisome consequences of a cyber attack, and nearly 30% cited the potentially related disruption to their industrial systems or operational technology.
The bottom line is that organizations should view cyber risk management as a component of their overall enterprise risk management, supported by leadership, including the board of directors, and strong communication and information sharing among all stakeholders.
RPS specializes in providing businesses with cyber insurance and risk management solutions. We can assist you in securing coverage for your clients.
Sources: WEF, Marsh