Recently there have been a slew of articles indicating executives are feeling slightly better about their cyber threat preparations and are expecting 2018 to be a bit less risky than the past several years. Then there was Russia, and the stunning amount of infiltration using social media. Those attacks were focused on our elections but could easily target corporations inflicting sustainable long-term damage to their brand.
According to Protiviti and North Carolina State University’s ERM Initiative’s report: Executive Perspectives on Top Risks for 2018, the rapid changes in disruptive technologies and cyber threats are focusing Senior Management teams and Boards on identifying and managing risk over the next 12 months.
Times are changing. Culture and resistance to change cannot stand in the way of the ability to rapidly adjust to new opportunities and new types of threats.
2017 saw historic levels of security breaches, with the Equifax data breach alone exposing personal data for 145+ million people. Their breach and the impact to their brand was discussed in every Board room. Is our infrastructure secure? Do we have enough focus on cyber threats? Could that happen to us?
Unfortunately, the answer is never definitive since the threats in a cyber world are more and more sophisticated with new vulnerabilities popping up all the time; many of which are employee-related and hard to defend.
I recently heard a CEO say that he would take a natural disaster any day over a cyber-attack. His reasoning was that cyber-attacks represent the “unknown.” He has sophisticated preparations with back up plans, offsite duplicate systems, and personnel plans to deal with most emergencies. It is very different to try and plan against something that is constantly attacking and morphing at the same time.
Now is the time to address the issue of cybersecurity. PwC estimates that by 2020, businesses will spend $7.5 billion for cybersecurity insurance. While insurance is critical for any organization, you can’t insure the integrity of your brand or the safety of your customers’ data.