On a daily basis we hear media reports of yet another organisation becoming the victim of a cyber-attack. Usually it’s the loss of corporate data, intellectual property or customers’ personal and/or financial data.
The consequences have ranged from regulatory fines and reputational loss through to a business ceasing to trade. We know that cyber criminals can sit inside an organisation’s systems for days, or even years, without being detected.
Business and government need to understand:
- where the key cyber risks exist within the organisation
- how to detect them
- how to protect themselves from this threat, balanced against the right level of cost to the organisation
Digital technologies, including the projects and services delivering eGovernment have brought great benefits and offer enormous opportunities, but they expose organisations and users to significant risks.
Problems can arise from online systems, whether this is because of human error (the ‘carbon element’), deliberate wrongdoing or some other form of system failure. Governments and regulators are increasingly calling on organisations to take immediate action to protect online assets.
Risk management
Those responsible for risk management need to have a full understanding of the nature of risks, and the practical tools and techniques to address them.
Increasingly, regulators, data subjects and investors will expect organisations to provide information on their online assets, integrated with an overall consideration of risk exposure.
Cyber risk doesn’t just concern the Information Services (IS) department, although they play a vital role. Human and organisational factors are as important as the right hardware and software.
Cyber risk
Cyber risk is the risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems. Such a risk could develop in the following ways:
- deliberate and unauthorised breaches of security to gain access to information systems for the purposes of espionage, extortion or embarrassment
- unintentional or accidental breaches of security, which may still constitute an exposure that needs to be addressed
- operational Information Services risks due to poor system integrity or other factors
We should not only be concerned with these things happening to us directly, but also consider the effects on the organisation if a partner or supplier is affected or found to be at fault.
Part 2 of this blog will look at the opportunities available and what questions we should ask about cyber risk.