Cyber risks: Is your organisation prepared?
- UK cyber attacks have risen 40% in a year and the UK is now the European country targeted most by cyber criminals
- As valuable information is increasingly transferred to digital networks, organisations are becoming more aware of their exposure to cyber risks
- We offer some guidance on cyber crime and discuss how to build cyber resilience
The threat of cyber crime in the UK is increasing rapidly. A report by a leading cyber security firm has revealed that the UK is the country most frequently targeted by cyber criminals across Europe.
The same report found that cyber attacks have increased by 40% in the past year, while a quarter of respondents to another major study, the Global Economic Crime Survey 2016, said they had been affected by cyber crime in the past year.
Statistics like these demonstrate the scale of the cyber threat, highlighting that every size and type of organisation can be affected, from major corporations to small businesses, schools and charities.
Recently, a small family business in St Ives, Cambridgeshire, lost more than £26,000 after falling victim to a sophisticated email fraud, and the UK charity the National Childbirth Trust apologised to 15,000 new and expectant parents after their registration details were accessed in a data breach. These scenarios demonstrate the varying nature of cyber threats and the associated risks.
Organisations still unprepared for cyber risks
While organisations are increasingly aware of their cyber vulnerabilities, evidence suggests they are not always doing as much as they could to build cyber resilience and prepare for a cyber incident.
The Global Economic Crime Survey 2016 found that while 53% of organisations believe the risk of cyber crime has increased over the past year (compared to just 5% who think it has declined), only 37% of organisations have a cyber incident response plan.
As organisations transfer more and more of what they value onto digital networks, they should be thoroughly evaluating the assets they may be putting at risk, and setting up measures to protect them.
The cumulative impact of cyber risks
Organisations must also understand the cumulative impact of cyber incidents, and their potential to disrupt every aspect of their operations and infrastructure.
For example, a data breach that results in somebody gaining unauthorised access to sensitive or personal information could affect an organisation in a variety of ways. In such a scenario, an organisation would have to:
- Take swift action to prevent any further unauthorised access to the sensitive information.
- Notify the victims of the data breach promptly.
- Assess whether any further vulnerabilities exist in their systems and take appropriate action to remedy them.
- Educate their people on how to prevent future breaches.
All of these steps would use up precious time and resources, particularly if the breach resulted in a need to restore the organisation’s reputation.
To mitigate the cumulative impact of cyber risk, organisations must make it a board-level priority, and ensure that it is not just seen as an IT issue.
Once it is a priority, organisations’ cyber strategies should be focused not simply on identifying individual risks, but on developing resilience and protection.
In order to develop cyber resilience, organisations can follow these five simple steps:
- Map critical data.
- Explain the importance of data security to employees.
- Develop a cyber incident response plan, ensuring regulators (such as the ICO) are notified where applicable.
- Review partners’ cyber security measures.
- Work with policy makers and regulators.
In a recent Zurich report, Lori Bailey, Global Head of Special Lines, discussed how organisations that have traditionally viewed cyber security as separate from other risks are now starting to see the wider picture.
She adds: “The goal should be to develop resilience and protection, because as cyber risks accumulate it becomes more difficult to anticipate them all.”