Cyber Risk 

Cyber risk is now a major threat to businesses. With digital technologies, devices and media – the way we conduct our business has changed and companies now face new exposures which can materially impact their operations .

What Is Cyber Crime?

Cyber crime is the use of computer networks and devices to commit offences against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or to cause financial harm.

What Does “Cyber Risk Mean?

‘Cyber risk’ means any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems. 

As companies become increasingly reliant on digital platforms, it provides hackers with an abundance of different avenues in which to execute cyber crime.  Some of the the biggest threats to businesses in 2017 are:

  • Email phishing are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers
  • Social Engineering is the art of manipulating people to give up confidential information or for financial gain. Cyber criminals exploit your natural inclination to trust people. Common social engineering scams are email from a friend or work colleague, baiting and a response to a question or problem that you never had.
  • Ransomware is a type of malware that blocks or limits access to your computer or files, and demands a ransom be paid to the scammer for them to be unlocked. Ransomware was the #1 security concern for businesses in 2016
  • Cloud based platforms: As more businesses utilise cloud based platforms and software, so will the attacks on them

Hackers are indiscriminately choosing their victims. It’s not a matter of who they are targeting but what they are targeting…your money and data.

It won’t happen to my business…

All types and sizes of organisations are at risk, not only high profile names which make the headlines. 

Cyber crime is on the rise and small businesses are increasingly becoming the target of hackers due to their lack of cyber security budget.

Symantec’s 2016 Internet Security Report shows that small businesses have become a big target for phishers. Last year, phishing campaigns targeted small businesses 43% of the time.

Symantec reports that 1 in 40 small businesses are at risk of being the victim of a cyber crime.

That pales in comparison to the 1 in 2 large businesses which are targeted every year- multiple times- with a cyber attack.

How does a cyber attack affect my business?

A cyber attack or cyber incidental can have operational and regulatory consequences. Including:

  • loss of critical data
  • loss of customers due their personal information being stolen
  • theft and extortion
  • adverse media coverage/damage to reputation
  • loss of trade secrets/confidential information
  • negative impact on share price
  • business interruption and loss of profits
  • restoration and remediation costs to restore network
  • regulatory actions and associated fines and penalties
  • legal actions against Directors & Officers

How Can I Manage These Risks?

There is no silver bullet solution for cyber security. It is a complex risk in a forever-changing environment. A robust risk management approach is the best way to reduce the severity of a cyber attack when it happens.

Plan & Prepare:

  • Assign primary responsibility for incident response in your organisation, having monitoring in place to assess the environment for cyber security threats, identify critical systems and understand what type of support your IT service providers offer. Put in place a business continuity and incident response plan and review it at regular intervals.
  • Educate and train staff on data management policies, privacy protection and how to handle suspect emails

Respond:

Assess how quickly you can access resources key to mitigate an incident and ensure you have the ability to identify and isolate an affected workstation or server.

Report:

Understand your legislative requirements and obligations for incident reporting and have procedures in place to provide information and reporting to relevant parties during an incident under the new mandatory breach notification legislation.

Speak to your CMX risk specialist about how we can help with your risk management plan