The cyber threat is producing some alarming statistics. A report by Aon found that annual global cyber losses are expected to reach $6 trillion (R88 trillion) by 2021, with cumulative cybersecurity spending set to exceed $1 trillion in the five years leading up to 2021.
The report released on Tuesday stated that organisations were starting to see the significant financial impact of non-compliance with data privacy and the General Data Protection Regulation (GDPR).
The UK Information Commissioner’s Office (ICO) issued a notification of intention to impose a £183 million (R3.3 billion) fine on British Airways in July. The US Federal Trade Commission (FTC) issued a $5 billion civil penalty against Facebook for violations of an earlier FTC order.
Businesses also face financial loss in the form of immediate crisis expenses and lost revenue resulting from an attack stopping the business from trading or disrupting core operations.
Zamani Ngidi, Client Manager: Cyber Solutions at Aon South Africa, said that as organisations grew their footprint they were also increasing both the likelihood of a cyber breach and its impact, as the amalgamation and expansion of information technology infrastructure exposed an organisation to more points of entry.
“The general trend globally, specifically to cyber risks, is that organisations do not understand their biggest cyber risks and the implications they have for operations and the balance sheet,” said Zamani.
While the immediate financial costs of a cyber-attack can be crippling for a business, the report stated that of equal or even greater concern was damage to a business’s reputation.
The reputational crisis resulting from an attack can erode a company’s market value, destroy brand loyalty, limit companies’ digital transformation efforts and even lead to a credit-rating downgrade. An effective cyber resilience strategy can help mitigate both immediate and long-term financial losses.
A study conducted by Pentland Analytics and Aon found that a company’s preparedness to mitigate reputational risk and its management’s behaviour in the immediate aftermath of a crisis could have a notable impact on short- and long-term share price reaction.
Onno Janssen, chief executive of risk consulting and cyber solutions EMEA at Aon, said some companies still did not fully understand the impact a cyber-attack could have on a business.
“Understanding the worst-case scenarios and their impact to a business is crucial to developing an effective resilience strategy in which cyber is managed as an enterprise-wide risk across the entire organisation,” said Janssen.
Lukas van der Merwe, Specialist Sales Executive: Security at T-Systems South Africa, said the development of IoT had seen the advent of a multitude of Internet-connected smart devices, which traditionally ran on closed and secure Operational Technology (OT) networks.
“This can impact an organisation’s risk profile, as these devices are open to a number of new vulnerabilities. Ultimately, the implications of a cyberattack could range from shutting down a small manufacturing plant to affecting power distribution across half of the country,” he said.
The Aon report outlines four steps to building a cyber resilient organisation:
- Take it from the top – Cyber risk management must be an enterprise-wide effort, but accountability needs to sit at the very top of the organisation, with the board understanding the costs and consequences of a cyber attack.
- Unite your business – Cyber risk is not just an IT security issue; it is a threat to the whole enterprise. It calls for a multi-discipline, multi-level response that involves every relevant stakeholder within the business.
- Get ahead of the game – Businesses can no longer rely on bringing in a response team after an attack. Incident-response training is critical in preparing organisations for a cyber-attack, and scenario-planning helps to understand operational vulnerabilities and threats.
- Protect your balance sheet – Firms should look at how they are leveraging available risk transfer opportunities. Cyber insurance can help protect an organisation’s balance sheet by providing a financial pay-out after things have gone wrong and providing pre-loss prevention and post-loss services.