Risk Management

The world is evolving, human conceptions are changing over time, and the risks run by organizations reflect these new realities. Worldwide, in January 2021, there were 4.66 billion active internet users, which means 59.5 percent of the global population. Among the largest online markets in the world, the United States ranks third with over 313 million active internet users nationwide. Many of these internet users belong to organizations. The Internet has become a relevant tool for communication and interaction between companies. Further, it is a tool used for transferring, gathering, and even storing data in clouds, whether that data belongs to the organizations or to their clients. Unfortunately, cyber risk can negatively impact every aspect of an organization, including its customers, employees, partners, vendors, assets, and reputation.

During the last decades, the observation is that many organizations could not operate without the internet. Besides, cybersecurity has become a priority for companies, since “cyber incidents have been ranked as the top business risk in the Allianz Global Risk Barometer 2020, knocking business interruption from a top spot it had held for seven consecutive years”. Many big firms have been victims of this type of criminality. eBay in May 2014 was the victim of an attack that impacted 145 million users and lasted for at least 229 days, enough time to compromise the user database. Fortunately, the financial information of their clients was stored separately, which narrowed the consequences of the attack. Yahoo, during the years 2016 and 2014, was a victim also. In September 2016, Yahoo announced having been the victim of the “biggest data breach in the history”. Overall, Yahoo has been the victim of several attacks which compromised over 3 billion user accounts. At the time of the first announcement, Verizon was negotiating an acquisition of Yahoo’s core internet business for $4.48 billion, but the cyber-attack knocked an estimated $350 million off the value of Yahoo. Myspace also suffered an attack, after which 360 million user accounts were sold on the dark web market. In the same list of big victims, we can highlight LinkedIn, Equifax, Twitter, Nintendo, Easy Jet… Thus, companies are always facing cyber-attacks, and so are governments, medical institutions, and the business sectors; no one is exempt in this new kind of war.

Organizations risk a lot with cyber incidents. We all know how important a company’s reputation is, and we cannot estimate its value to them. A cyber incident can harm an organization; therefore, the policies needed to respond effectively to cyber risk will involve all the components of the company.

These are the four key steps your organization can take to implement a robust cyber risk management strategy.

  1. Understand Your Risk Profile: Understanding your risk profile and potential exposure requires an enterprise-wide threat assessment.
    • Identify critical enterprise risks to determine the applications, systems, databases, and processes subject to cyber risk. Consider the array of external and internal threats, from unintentional user error to third-party access to malicious attacks.
    • Undertake risk assessments with all stakeholders to assess the likelihood and potential impact of cyber risk exposure, including cross-divisional and secondary effects and technology dependencies. Consider third-party exposure, as third parties have increasingly become vectors for cyber incidents, and the risk posed by the expanding technology perimeter due to work-from-home requirements.
    • Quantify risks, including the potential financial, operational, reputational, and compliance impact of a cyber risk incident. A risk scoring framework can help provide a more holistic ranking of threats.
  2. Set a Firmwide Strategy: Establish a firmwide strategic framework for cyber risk management.
    • Prioritize risks by employing a shared risk measurement framework and reporting systems to effectively prioritize risks across the organization and enable informed resource allocation.
    • Consider industry-specific risk standards and incorporate any specific compliance requirements into your cyber risk management practice.
    • Set and communicate an enterprise-wide IT and cyber risk management strategy. Technology infrastructure and application use are critical throughout every organization. Therefore, cyber risk exposure can occur in any division, making it an organizational priority rather than an IT one.
  3. Invest in Cyber Risk Management Infrastructure
    • Assess system requirements to understand where organizational cyber threats originate and to provide a guidepost to the types of systems required. A distributed, cloud-based organization will have different needs from a physical-asset-intensive organization. Consider how your company currently operates to ensure that a GRC platform will accommodate evolving needs.
    • Potential investment in GRC software or other cyber risk management tools should also consider risk reporting and incident management requirements, workflows, ease of use, flexibility, and future expansion capability.
  4. Establish a Dynamic Cyber Risk Management Process
    • Establish robust oversight by maintaining an updated inventory of potential threats and a dynamic quantification of the potential impact and mitigation costs of cyber incidents.
    • Communicate with third parties to ensure their security protocols align with organizational standards and practices.
    • Invest in Training – With the rapid evolution of technology and related cybersecurity risks, cyber risk management is not a static, tick-the-box solution. Organizations can spend large sums on state-of-the-art security infrastructure, but a truly effective cyber risk management program requires effective stakeholder training.
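The "quantify risks" and "prioritize risks" steps above describe a risk scoring framework without showing one. The following is an added example, not code from the original post or from any of the sources it lists: a small likelihood-by-impact scoring model over the four impact dimensions the post names (financial, operational, reputational, compliance), which ranks a risk register, bands each risk into a rating, and compares the score reduction a planned control buys against its cost. The 1-to-5 scales, the dimension weights, the rating thresholds, and the sample register are all assumptions made for the example; a real programme would calibrate them with its stakeholders.

```python
"""Added example (not from the original post): a likelihood-by-impact
risk scoring framework of the kind step 1 ("Quantify risks") and
step 2 ("Prioritize risks") call for. Scales, weights, thresholds and
the sample risk register are assumptions made for the example."""

from dataclasses import dataclass
from typing import Optional

# The four impact dimensions named in the post; the weights are assumed.
DIMENSION_WEIGHTS = {
    "financial": 0.35,
    "operational": 0.25,
    "reputational": 0.25,
    "compliance": 0.15,
}

# Assumed rating bands for the composite score (the maximum is 5 * 5 = 25).
RATING_BANDS = [(15.0, "Critical"), (10.0, "High"), (5.0, "Medium"), (0.0, "Low")]


@dataclass
class Risk:
    name: str
    likelihood: int                  # 1 (rare) .. 5 (almost certain), assumed scale
    impact: dict                     # dimension -> 1 (negligible) .. 5 (severe)
    mitigation_cost: float = 0.0     # assumed annual cost of the planned control
    mitigated_likelihood: Optional[int] = None  # likelihood once the control is in place


def validate(risk: Risk) -> None:
    """Reject register entries that use the wrong scale or miss a dimension."""
    if not 1 <= risk.likelihood <= 5:
        raise ValueError(f"{risk.name}: likelihood must be 1..5")
    if set(risk.impact) != set(DIMENSION_WEIGHTS):
        raise ValueError(f"{risk.name}: impact must cover {sorted(DIMENSION_WEIGHTS)}")
    for dim, value in risk.impact.items():
        if not 1 <= value <= 5:
            raise ValueError(f"{risk.name}: {dim} impact must be 1..5")
    if risk.mitigated_likelihood is not None and not 1 <= risk.mitigated_likelihood <= 5:
        raise ValueError(f"{risk.name}: mitigated likelihood must be 1..5")


def weighted_impact(impact: dict) -> float:
    """Single impact figure: weighted sum over the four dimensions."""
    return sum(DIMENSION_WEIGHTS[d] * impact[d] for d in DIMENSION_WEIGHTS)


def score(risk: Risk, likelihood: Optional[int] = None) -> float:
    """Composite score = likelihood x weighted impact, rounded for reporting."""
    validate(risk)
    lk = risk.likelihood if likelihood is None else likelihood
    return round(lk * weighted_impact(risk.impact), 2)


def rating(risk: Risk) -> str:
    """Map the composite score onto the (assumed) rating bands."""
    s = score(risk)
    for threshold, label in RATING_BANDS:
        if s >= threshold:
            return label
    return "Low"


def rank(risks):
    """Highest composite score first: the shared ordering the post asks for."""
    return sorted(risks, key=score, reverse=True)


def reduction_per_cost(risk: Risk) -> Optional[float]:
    """Score points removed per unit of mitigation spend, or None if unknown.
    Used to compare controls when allocating a limited budget."""
    if risk.mitigated_likelihood is None or risk.mitigation_cost <= 0:
        return None
    residual = score(risk, likelihood=risk.mitigated_likelihood)
    return round((score(risk) - residual) / risk.mitigation_cost, 3)


# Constructed sample register: names, ratings and costs are made up for the example.
REGISTER = [
    Risk("Third-party vendor access compromise", 4,
         {"financial": 4, "operational": 3, "reputational": 4, "compliance": 3},
         mitigation_cost=50, mitigated_likelihood=2),
    Risk("User error exposing customer data", 5,
         {"financial": 2, "operational": 2, "reputational": 4, "compliance": 4},
         mitigation_cost=20, mitigated_likelihood=3),
    Risk("Remote-work endpoint compromise", 3,
         {"financial": 3, "operational": 4, "reputational": 2, "compliance": 2}),
]


def report(risks=REGISTER):
    """Return (name, score, rating, reduction_per_cost) rows, highest score first."""
    return [(r.name, score(r), rating(r), reduction_per_cost(r)) for r in rank(risks)]


if __name__ == "__main__":
    for row in report():
        print(row)
```

Note that the ranking and the cost comparison can disagree: in the constructed register the vendor-access risk scores highest, but the cheaper control on the user-error risk removes more score per unit of spend, which is the kind of trade-off the "informed resource allocation" step is meant to surface rather than hide behind a single ordering.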

In my opinion, these threats don’t involve only the employees; it is more dangerous for the customers, whose personal and financial data may end up in the wrong hands.


https://www.statista.com/statistics/617136/digital-population-worldwide/

https://www.cmmonline.com/news/top-10-business-risks-of-2021

https://www.insurancebusinessmag.com/us/news/breaking-news/these-are-the-top-10-business-risks-around-the-world-in-2020-211542.aspx

https://www.keepnetlabs.com/the-biggest-data-breaches-in-the-first-half-of-2020/

https://www.logicgate.com/blog/grc-101-what-is-cyber-risk/

1 thought on “Risk Management”

  1. Sonia Gonzalez

    Hi Sow, I like what you wrote. Today technology becomes a much bigger and more lucrative target for cybercriminals. Cybersecurity efforts need to upgrade to prevent a second crisis from emerging on the digital devices and networks that have become infinitely more vital to companies in recent weeks. In just a single month, the world became far more digitally connected and vulnerable than ever.
    Thank you for sharing.
