Definitions

Cyber risk is any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information systems.

The information system of a business includes all staff and management (including the board); business processes; business data and how it is structured; and IT hardware and software.

Cyber-risks and management

For business managers, being 'hacked' is only one aspect of cyber-risk. Many kinds of cyber-risk can impact on a business and its management, including:

  • Access to a company's bank accounts: e.g. via theft of bank passwords
  • Compromise of an organisation's IT to enable stealing of products
  • Blackmail: e.g. through ransomware, where a business has to pay a fee to buy a key to unlock its computer files
  • Personal blackmail: e.g. through access to personally sensitive information of managers, staff or clients
  • Theft of intellectual property: e.g. information about how to make or do something that a business keeps secret
  • Loss of competitive advantage through theft of critical confidential information of use to competitors
  • Political: e.g. compromise of confidential organizational information for political ends
  • Intelligence gathering: e.g. information collection about a business, its management, business processes and IT prior to a bigger cyber-attack
  • Denial of service attacks on a business's website, computers or telephones intended to stop an organisation doing business
  • Email hacks that reveal discussions between managers
  • Long term deep access attacks that provide 'backdoors' into a company's computers for ongoing information gathering to benefit the attackers
  • Cyber risks specific to travel (these are described in a separate article)...

Typically, and for the convenience of the cyber-attacker, computers and the internet are used to make the attack. However, many cyber-risks can result from physical interventions, for example, a disgruntled employee pulling the plug on a company's servers.

Takeaways for Managers

  • Managing cyber-risks is primarily a matter of business management decisions. It is the role of managers, the executive and the board.
  • The key aspects of cyber-risk management are managing business processes, staff activity, and business information.
  • Cyber-risks create losses via many aspects of a business. The 'hack' is only the tip of the iceberg of subsequent business losses.
  • Technical IT-related cyber-security is only one part of the bigger cyber-risk management picture.

 

Are you cyber-secure? Don't leave it up to chance. For a full in-depth assessment of your level of risk and how to better secure your business from cyber attack, call +61 (0) 434 975 848.

 

Dr Terence Love
Director,
Design Out Crime and CPTED Centre

 
