Cyber risk is any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information systems.

The information system of a business includes all staff and management (including the board); business processes; business data and how it is structured; and IT hardware and software.

Cyber-risks and management

For business managers, being 'hacked' is only one aspect of cyber-risk. Many kinds of cyber-risk can affect a business and its management, including:

  • Access to a company's bank accounts: e.g. via theft of bank passwords
  • Compromise of an organisation's IT to enable stealing of products
  • Blackmail: e.g. through ransomware, where a business has to pay a fee to buy a key to unlock its computer files
  • Personal blackmail: e.g. through access to personally sensitive information of managers, staff or clients
  • Theft of intellectual property: e.g. information about how to make or do something that a business keeps secret
  • Loss of competitive advantage through theft of critical confidential information of use to competitors
  • Political: e.g. compromise of confidential organisational information for political ends
  • Intelligence gathering: e.g. information collection about a business, its management, business processes and IT prior to a bigger cyber-attack
  • Denial of service attacks on a business's website, computers or telephones intended to stop an organisation doing business
  • Email hacks that reveal discussions between managers
  • Long term deep access attacks that provide 'backdoors' into a company's computers for ongoing information gathering to benefit the attackers
  • Cyber risks specific to travel (these are described in a separate article)...

Typically, and for the cyber-attacker's convenience, computers and the internet are used to make the attack. However, many cyber-risks can result from physical interventions, for example a disgruntled employee pulling the plug on a company's servers.

Take Aways for Managers

  • Managing cyber-risks is primarily a matter of business management decisions. It is the role of managers, the executive and the board.
  • The key aspects of cyber-risk management are managing business processes, staff activity, and business information.
  • Cyber-risks create losses via many aspects of a business. The 'hack' is only the tip of the iceberg of subsequent business losses.
  • Technical IT-related cyber-security is only one part of the bigger cyber-risk management picture.


Are you cyber-secure? Don't leave it up to chance. For a full in-depth assessment of your level of risk and how to better secure your business from cyber-attack, call +61 (0) 434 975 848.


Dr Terence Love
Design Out Crime and CPTED Centre

