
Cybersecurity should be a board room topic, so why isn’t it?

In the land of lies, damned lies and statistics, the insurance industry may be one of the more trustworthy sources. After all, it is founded on maths, its actuarial background built into every policy and claim. As purveyors of protection against all risks, insurers care less about which risks are more important, and more about the relationship between premiums and pay-outs. Indeed, getting this equation wrong is potentially the biggest risk the industry faces.

So, when insurance giant Allianz reports that cybersecurity is the second most important business risk, according to over 1,900 respondents globally, we would do well to sit up and listen. To put this in context, over the past five years it has climbed from 15th position, so why? First and simply, the number and complexity of cyber attacks are growing. This is to be expected, as it mirrors technology’s increasing impact and complexity: the bad things are dark mirrors of the good.

The organization also cites GDPR as a significant driver, not in causing breaches but in how they may result in considerable fines. “Many businesses are waking up to the fact they have potential vulnerabilities, and the realization that privacy issues create hard costs will emerge fairly quickly once GDPR is implemented,” says Emy Donavan, Global Head of Cyber at Allianz Global Corporate & Specialty (AGCS).

But wait, there is more to this. The Allianz survey is global, across 80 countries. An appendix shows how Nigeria sees theft and fraud as the biggest cause of business risk, while in Croatia it is legislative change, and so on. In the USA and UK meanwhile, as well as Austria, Belgium, Brazil, Australia, India, South Africa and Singapore, cyber incidents take top spot in the risk charts. Cyber is the number one risk in the Media, Financial Services and Legal, and indeed the Technology and Comms sectors. It’s also the top risk for mid-sized companies.

And, to cap it all, let’s just look at the number one business risk — business interruption (BI). “Whether it results from factory fires, destroyed shipping containers, or, increasingly, cyber incidents, BI can have a tremendous effect on a company’s revenues.” What’s that you say, cyber incidents are one of the main causes of the main business risk? Indeed, they are first in the list, according to respondents, before fire/explosion or natural catastrophe.

In other words, while cyber incidents pose a significant challenge by themselves, their consequences can be even greater — it’s difficult to escape the conclusion that cybersecurity should be a boardroom topic right now. The good news is, organizations large and small are well aware of the challenge, are they not? Well, no, says AGCS UK CEO, Brian Kirwan. “Far from being over-hyped, the threat is under-appreciated and not always well understood.”

I’m not sure any additional comment is required, other than that the conundrum around cybersecurity remains as astonishing as ever. Behind the figures lies a simple truth, that business continuity today means data continuity. While no person is indispensable in an organization, take away its sensory capabilities and you render it useless.

On the upside, and rightly so, insurance companies such as Allianz do have insurance products, and indeed whole practices, to help organizations protect themselves against such risks. But this is missing the point. While it is difficult to get a clear answer (that’s the nature of denial) the corporate position still appears to be that dealing with cyber-threats is too complicated to address, so we’ll all just cope with the consequences.

This frontier town attitude never worked, and it is going to become even less viable really soon. We are at the start of a wave of machine learning, which will grow rapidly in scale over the next few years: you don’t have to be a guru to work out that one of the softest targets for semi-intelligent bots will be the highly vulnerable defences many organizations still have around their data centers. Corporate psychology will shift quickly from hoping cyber incidents will happen to somebody else, to finding that the paltry and permeable protections have already been breached.



from Gigaom https://gigaom.com/2018/01/24/cybersecurity-should-be-a-board-room-topic-so-why-isnt-it/
