AON, 2019 Cyber Security Risk Report: "With great opportunity comes great risk"
The world is advancing digitally rapidly in more and more industries. This tech-revolution opens a wide space for cyber attackers to exploit, creating all sorts of problems in enterprises' operational process. It can be said that the increase in technological development is directly proportional to an increase in exposure to cyber attacks. "As we use technology to speed up transfers of information, it creates amazing opportunity and potentially greater risk," wrote AON in their report.
AON identified 8 cyber risk factors likely to occur:
- Technology - Assets became more connected to Internet, making them easier to access for a skilled hacker. Online newspapers, databases and autonomous vehicles are a few examples of potential targets for cyber attackers. Companies must consider proper protection on these types of assets.
- Supply Chain - In 2018, 59% of companies from the U.K. and U.S. said they've experienced a data breach via a third party, and only 35% of them rate their security programs as effective.
- IoT - IoT (Internet of things) can refer to a wide palette of devices, from printers and video projectors to building-incorporated sensors and security cameras. According to a survey made by the Ponemon Institute, 52% of the surveyed companies said they owned at least 1,000 IoT devices, while the average real number was above 15,000 IoT devices. Every device can become a potential security threat for a company at some point if it is not properly managed.
- Business Operations - The activity of a company can easily be shut down by a malware/ ransomware infection. While extensive connectivity can increase operational efficiency, it can indirectly increase exposure to cyber attacks. In 2017, WannaCry ransomware attack bricked over 230,000 computers worldwide by encrypting all their data and demanding Bitcoin payments from their users to unlock their files.
- Employees - Technology continues to be part of almost every job's function, from the CEO to an intern. Human error, excessive privilege, shadow IT, phishing links or malevolent employee behavior are all ways a single employee can interrupt an entire corporation's activity.
- Mergers & Acquisitions - In 2018, total mergers and acquisitions level reached almost USD 4 trillion, the highest level in the past 4 years. If a big company purchases a smaller one, it can automatically take the other one's vulnerabilities.
- Regulatory - Governments took steps towards implementing cyber security requirements for businesses. This is a welcome initiative, but it is believed that too many regulatory changes at once, in terms of cyber security, can cause companies to adopt a "check-the-box" mentality and choose poor security solutions for their business, just to avoid a penalty. Companies must be vigilant not just about cyber threats, but about cyber regulations as well.
- Board of Directors - Boards must focus and set a strong tone for the company, not only for actions taken after a cyber incident, but also for proactive preparation and planning. Three of four heads of companies surveyed by BDO Center said they are more committed to implementing cyber security plans in their own business that a year before.
"Our 2019 report also shows that organizations must recognize the need to share threat intelligence across not only their own network but with others as well. While it may seem counterintuitive when thinking about cyber security, collaboration within and across enterprises and industries can keep the private data of companies and individuals safer. Working together can improve efforts to hunt hackers, while also raising the bar and making all parties more prepared for the inevitable day when a disruption does happen," added HOGG.
AON is a global company specialized in providing services for a wide spectrum of risks, retirement and health solutions. AON's Cyber Solution branch offers services for unveiling and quantifying potential cyber risks, as well as protective methods and recovery solutions for cyber incidents.
For a more detailed description of the mentioned cyber risks, you can access the AON's report here.