Design Out Crime and CPTED Centre

Definitions

Cyber risk is any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information systems.

Information system of a business includes all staff and management (including the board); business processes; business data and how it is structured; and IT hardware and software

Cyber-risks and management

For business managers, being 'hacked' is only one aspect of cyber-risk. Many kinds of cyber-risk can impact on a business and its management including:

Access to a company's bank accounts : e.g. via theft of bank passwords
Compromise of an organisation's IT to enable stealing of products
Blackmail: e.g. through ransom-ware, where a business has to pay a fee to buy a key to unlock its computer files
Personal blackmail:, e.g. through access to personally sensitive information of managers, staff or clients
Theft of intellectual property: e.g. information about how to make or do something that a business has secret
Loss of competitive advantage through theft of critical confidential information of use to competitors
Political: e.g. compromise of confidential organizational information for political ends
Intelligence gathering: e.g. information collection about a business, its management, business processes and IT prior to bigger cyber-attack.
Denial of service attacks on a business's website, computers or telephones intended to stop an organisation doing business
Email hacks that reveal discussions between managers
Long term deep access attacks that provide 'backdoors' into a company's computers for ongoing information gathering to benefit the attackers
Cyber risks specific to travel (these are described in a separate article)...

Typically, and for convenience for the cyber-attacker, computers and the internet are often used to make the attack. However, many cyber-risks can result from physical interventions. For example, a disgruntled employee pulling the plug on a company's servers.

Take Aways for Managers

Managing cyber-risks is primarily a matter of business management decisions. It is the role of managers, executive and board.
The key aspects of cyber-risk management are managing business processes, staff activity, and business information.
Cyber-risks create losses via many aspects of a business. The 'hack' is only the tip of the iceberg of subsequent business losses
Technical IT-related cyber-security is only one part of the bigger cyber-risk management picture.

Are you cyber-secure? Don't leave it up to chance. For a full in-depth assessment of your level of risk and how to better secure your business from cyber attack call +61 (0) 434 975 848

Dr Terence Love
Director,
Design Out Crime and CPTED Centre