Cyber risks: The need for a coordinated response
Article information and share options
There is still an air of science fiction about the whole concept of cyber risk. This is partly due to the improbable-sounding stories circulating to gain people's attention. It's hard to imagine someone controlling your car from a laptop, even if it could happen. Then there's the terminology, what is spear-phishing for example? It's something you can find out easily enough, but how many people have the time to do that in today's corporate world.
The upshot of the mystery covering all things cyber is that companies tend to see the cyber threat as an issue for IT. As a result, there is a lack of cohesion in the response to the cyber threat as executives simply wait for updates from their IT departments. Then when they receive information, they may not fully understand its significance if it doesn't have a clear connection to the business model.
A survey conducted by Swiss Re and IBM® into the corporate perspective on cyber risks revealed that most companies still adopt an ad-hoc response to the cyber threat. This is dangerous in a number of ways. For a start, it fails to promote information-sharing across departments, so if an employee detects a threat and contains it the other staff may not realise that anything happened. It also suggests that these companies don’t make any particular effort to sensitise their staff to cyber risks.
Chief risk officers (CROs) must work across functions to achieve a cyber risk strategy embedded in risk management planning from board level through to the staff. To quote one senior risk manager who responded to the survey: "Cyber risk management is not solely an IT department issue. It requires a broader approach to ensuring protection of all information assets."
When the corporate world has properly integrated the cyber dimension into its SWOT analysis, risk landscape etc. the whole mystery surrounding cyber risks will disappear. That's when companies will really be able to focus on risk mitigation.
A data breach doesn't mean game over. After a cyber-attack we get you back in business.
Learn more about our Cyber insurance solutions.