Chief risk officers and heads of operational risk responded to a survey held by Risk.net and identified their top risk concerns. Their number one concern was IT disruption, while their second highest concern was data compromise. Why is cybersecurity risk on everyone’s mind?
For one thing, technology is an inescapable reality of every business. Even the smallest of mom and pop shops have an electronic system to make credit card transactions, while larger corporations rely on immense data centers to safeguard thousands to millions of personal records. As technology continues to permeate throughout the business world, cybersecurity risk will start to creep to the top of the list.
But what are the risks associated with cybersecurity and what impact do they have on the average business?
There are of course cybersecurity risks like system downtime, human error, and other business continuity concerns that can cause a costly domino effect on other parts of the business. There is also the risk of regulatory non-compliance which can result in lofty financial damages. But what about the less tangible effects of IT disruption and data compromise, such as reputational damage?
According to a study by PwC, 60% of consumers hold the companies who collect their data wholly responsible for its protection. 87% of consumers say they will take their business elsewhere if they don’t believe a company is handling their data responsibly. These statistics show that the public’s expectation for data protection is extremely high. Therefore, there is a large potential for reputational fallout.
Advances in technology have not only increased cybersecurity risks, but have connected consumers, investors, and regulators – the three constituents that stand to greatly impact a business. Consumers have leveraged social media and fast-paced news outlets to make their expectations clear. Investors can now be immediate witnesses to consumer outrage when expectations are not met, which in turn affects their investment behavior. Regulators and law makers, while not as quick to react to scandal, are also on the watch and are ready to ramp up any means necessary to protect their citizens’ rights.
Check out our infographic on LogicManager.com for more facts and figures about how cybersecurity impacts businesses and their reputations.
Although the facts and figures surrounding cybersecurity risk are daunting, there is good news. We believe 100% of cyber attacks are entirely preventable with an effective cybersecurity risk management program and infrastructure.
Here are some steps your company can take to get ahead of cybersecurity risk:
Backing up data with off-site servers is widely considered a best practice. Every organization and industry must determine the optimal frequency and scope of data backups, which depends on the type of information being handled.
Studies have shown that anywhere from 10-15% of critical organizational data – scheduled for backups – is not actually backed up due to preventable, operational errors. Without backup verification, ransomware attacks can have an enormous impact on business continuity.
Employees around the world are using computers that simply need to be updated. Your security team likely assesses and approves patches and updates on a regular basis. However, are implementations regularly verified? As many as 30% of patches fail to deploy. Without governance (in this case, regular reviews of actual patch deployment), you might have an inaccurate understanding of which vulnerabilities are covered.
Most organizations have internal password policies, but not an efficient way to operationalize them. Automated governance tasks – such as monitoring the percentage of employees maintaining access rights policies – is an essential to staying ahead of cybersecurity risk.
Without regular monitoring, the evolution of employee roles and organizational structure can lead to unnecessarily high risk exposure. The technology to accomplish this step exists at most every organization. Usually, the missing component is effective governance in the form of recurring risk assessments and control monitoring.
Taking these simple steps will put your company at a huge advantage. It’s often the case that hackers aren’t trying to spend inordinate amounts of time and energy to break into a secure system; they’re looking for the lowest hanging fruit. When it comes to cybersecurity, you don’t have to outrun the bear.
While cybersecurity is and will continue to be top of mind for companies and consumers alike, risk managers should take comfort in the fact that there is a solution. Better yet, the solution doesn’t entail huge investments in technology; rather, all it requires is good governance and a proactive mindset.
This article was originally posted on LogicManager.com