Cyber Risk Consulting
The Cyber Criminal is the wolf at the chicken coop with an open door.
In terms of operational risk to organisations today, cyber risk (including digital risk) is the most discussed and with good reason. The opportunity facing cyber criminals is tremendous in view of the potential rewards and all too often, the ease of accessing a company’s crown jewels because of lax cyber security both electronic and employee related.
The costs to organisations from cyber crimes are increasing exponentially with the current average cost to an organisation already well in excess of $10 million. The impact on reputation, customer and regulator confidence, finances and share price can be devastating. Equally damaging are internal IT and data related failures where no criminals are involved and it is essential that organisations properly address both categories.
Key cyber risks can be either deliberately or accidentally caused through:
- Loss of data or corruption of data;
- Theft of data and its subsequent misuse;
- Failure or corruption of essential IT platforms, systems and processes.
Key causes of cyber loss are from:
- Attack by external parties;
- Employees and other internal parties to the company;
- Business partners of the company;
- Internal faults in hardware or software.
Physical protection of key IT systems and data, as well as firewall, encryption, password and other electronic defences are essential, but also there are many compliance and cultural aspects that need to be fully deployed within an organisation to keep ahead of the criminals and remove vulnerability.
Whilst companies can mitigate their losses with insurance, the insurance response and coverage is complicated and inconsistent as insurers try to come to terms with these fast evolving exposures and the potentially massive sums that can be claimed through loss. Furthermore the reputational damage and regulatory impact to a company can be much more devastating and long term than more standard insurable losses, which reinforces the critical importance of risk assessment, robust defence and proper human resource management and training.
Working with our Cyber Risk Consulting partner, Pragma, who are also based in Singapore, RACSAP can help organisations understand these risks, assess existing cyber defences and ensure that the correct approach to data management and control, hardware and software evaluation and maintenance, compliance, employee behaviour and other relevant factors is deployed. This includes helping to assess the available insurance solutions and the residual risks to organisations.
Ultimately the buck stops with the management of the company and it is their responsibility to ensure that as much as feasibly possible is done to protect the organisation from these potentially devastating risks. There is no doubt that the headlines of the world media will continue to be filled with cyber attacks, data failures and their catastrophic consequences.