From a cyber-risk perspective there are just two types of business: 

"Those that have been hacked and those that will be hacked"

Cybersecurity impacts extend via managers and the executive to the boardroom.

Cyber-risks and the extent of cyber-losses now have more to do with the management of business processes and staff than with IT security alone.

Definitions

Cyber risk is any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information systems.

The information system of a business includes all staff and management (including the board); business processes; business data and how it is structured; and IT hardware and software.

Cyber-risks and management

For business managers, being 'hacked' is only one aspect of cyber-risk. Many kinds of cyber-risk can impact on a business and its management including:

  • Access to a company's bank accounts: e.g. via theft of bank passwords
  • Compromise of an organisation's IT to enable stealing of products
  • Blackmail: e.g. through ransomware, where a business has to pay a fee to buy a key to unlock its computer files
  • Personal blackmail: e.g. through access to personally sensitive information of managers, staff or clients
  • Theft of intellectual property: e.g. information about how to make or do something that a business keeps secret
  • Loss of competitive advantage through theft of critical confidential information of use to competitors
  • Political: e.g. compromise of confidential organizational information for political ends
  • Intelligence gathering: e.g. information collection about a business, its management, business processes and IT prior to a bigger cyber-attack
  • Denial of service attacks on a business's website, computers or telephones intended to stop an organisation doing business
  • Email hacks that reveal discussions between managers
  • Long term deep access attacks that provide 'backdoors' into a company's computers for ongoing information gathering to benefit the attackers
  • Cyber risks specific to travel (these are described in a separate article)...

Typically, for the cyber-attacker's convenience, computers and the internet are used to make the attack. However, many cyber-risks can result from physical interventions, for example a disgruntled employee pulling the plug on a company's servers.

Takeaways for Managers

  • Managing cyber-risks is primarily a matter of business management decisions. It is the role of managers, the executive and the board.
  • The key aspects of cyber-risk management are managing business processes, staff activity, and business information.
  • Cyber-risks create losses via many aspects of a business. The 'hack' is only the tip of the iceberg of subsequent business losses.
  • Technical IT-related cyber-security is only one part of the bigger cyber-risk management picture.

 

Are you cyber-secure? Don't leave it up to chance. For a full in-depth assessment of your level of risk and how to better secure your business from cyber attack call +61 (0) 434 975 848

 

Dr Terence Love
Director,
Design Out Crime and CPTED Centre

 
