Cyber risk is any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information systems.
The information system of a business includes all staff and management (including the board); business processes; business data and how it is structured; and IT hardware and software.
Cyber-risks and management
For business managers, being 'hacked' is only one aspect of cyber-risk. Many kinds of cyber-risk can impact on a business and its management including:
- Access to a company's bank accounts: e.g. via theft of bank passwords
- Compromise of an organisation's IT to enable stealing of products
- Blackmail: e.g. through ransomware, where a business has to pay a fee to buy a key to unlock its computer files
- Personal blackmail: e.g. through access to personally sensitive information of managers, staff or clients
- Theft of intellectual property: e.g. information about how to make or do something that a business keeps secret
- Loss of competitive advantage through theft of critical confidential information of use to competitors
- Political: e.g. compromise of confidential organisational information for political ends
- Intelligence gathering: e.g. information collection about a business, its management, business processes and IT prior to a bigger cyber-attack
- Denial of service attacks on a business's website, computers or telephones intended to stop an organisation doing business
- Email hacks that reveal discussions between managers
- Long-term deep-access attacks that provide 'backdoors' into a company's computers for ongoing information gathering to benefit the attackers
- Cyber risks specific to travel (these are described in a separate article)...
Typically, for the cyber-attacker's convenience, computers and the internet are used to make the attack. However, many cyber-risks can result from physical interventions, for example a disgruntled employee pulling the plug on a company's servers.
Takeaways for Managers
- Managing cyber-risks is primarily a matter of business management decisions. It is the role of managers, the executive and the board.
- The key aspects of cyber-risk management are managing business processes, staff activity, and business information.
- Cyber-risks create losses via many aspects of a business. The 'hack' is only the tip of the iceberg of subsequent business losses.
- Technical IT-related cyber-security is only one part of the bigger cyber-risk management picture.
Are you cyber-secure? Don't leave it up to chance. For a full in-depth assessment of your level of risk and how to better secure your business from cyber-attack, call +61 (0) 434 975 848.
Dr Terence Love
Design Out Crime and CPTED Centre
Resources - Cyber-Risks