Running a business is as much the management of risk as the accessing of opportunity.
There’s operational risk, financial risk, regulatory and compliance risk, strategic risk, reputational risk and business interruption risk, to name a few. Then there is cyber risk, which is top of mind for businesses, according to the 2019 Allianz Risk Barometer.
Indeed, Allianz said, “for the first time, cyber incidents is neck-and-neck with business interruption … with the two risks increasingly interlinked, reflecting the magnitude of the threat now posed by a growing dependence on technology and the malicious actions of nation states and criminals”.
The result, Allianz said, citing the Centre for Strategic and International Studies, is that worldwide cybercrime costs have risen to $600 billion per year, up from $445 billion in 2014. In comparison, natural catastrophes run at an average of $208 billion per annum.
The pace at which cybercrime has become prevalent has left businesses struggling to cope, according to Tom Teixeira, Jamie Gale, Immanuel Kemp, and Mandeep Dhillon from management consulting firm Arthur D Little.
In a recent report, they said companies tend to focus on either technology or risk, rather than taking a holistic approach. The result is companies are “failing to protect businesses and their customers”.
Given that cyber breaches could cause “loss of reputation or brand value,” which comes in at number 9 in the Allianz risk barometer for 2019, it is extremely important for companies to manage this risk better.
Teixeira and his co-authors said there is an increase in both sophisticated and unsophisticated attacks – many of which hit the target because companies don’t properly introduce or follow protocols to reduce the chance of penetration or quickly mitigate the impact.
As a result of this failure, the authors said, new thinking is needed, one that combines skills from the technology sector with risk management expertise.
This will allow a focus on:
- “A data-led method, which can rapidly and continuously identify anomalies and attacks.
- Clarity of business risks and their underlying causes and impact, along with a means of mitigating financial and reputational consequences.
- Evolving the operating model and mind-set to protect the long-term interests of the company and customers.”
Teixeira and his colleagues said there are 3 steps that companies can follow to quantify the total cost of risk.
They said a company needs to:
Define the total cost, which will include things like looking at what risks to retain and the associated costs, what costs flow from mitigating risks such as building the tech required, and the costs of transferring risks through insurance. There’s also the cost of doing all of the above from an internal administrative and resourcing point of view.
Using technology and data to rapidly and continuously assess the threat landscape is a critical next step, the authors said, which “enables organisations to begin gathering valuable insight within hours, rather than days or weeks”.
Through this approach – which the authors said can be deployed in a day – companies can create solutions which “provide continuous threat assessment, highlighting not only new and emerging threats and vulnerabilities, but also changes in staff behaviour”. This, in turn, will help identify “the underlying causes within risk exposure” and identify key risk indicators.
Getting the right technological model in place sounds like an obvious statement, but Teixeira and his co-authors said it is crucial and often not implemented. They noted “human and organisational elements can be barriers to safeguarding a business” and as a result, if they are not addressed, companies end up with “little improvement in your ability to prevent attacks”.
They said it’s also important to understand and address the perception and capability gaps between what managers think is the situation and what an operational assessment and data show to be the case.
Ultimately, it is necessary for organisations to implement stronger processes to manage the cyber risks in their businesses, investing smartly and creating a holistic approach to ensure long-term protection.