Could another 2008 recession be on its way?
April 16, 2014
Potential cyber threats could lead to a catastrophe comparable in size and in magnitude to the 2008 economic crisis.
Nobody wants to be hacked. But today, with our lives and infrastructure increasingly expected to be online, it’s becoming more and more of a reality and a risk that has the potential to turn into a worldwide crisis.
In 2013 alone, 740 million records were exposed in data breaches worldwide. That made 2013 the worst year ever for breaches. As an example, 93% of large businesses in the United Kingdom suffered a data breach in 2013, resulting in a different headline each week.
For the past year, Zurich Insurance and the Atlantic Council met with cyber experts and risk professionals across different industries to tackle this very issue. Their findings show that people, regardless of company size, need to focus on preparing for the inevitable — a security breach with massive potential.
The report states, “While societal reliance on the Internet grows exponentially, control only grows linearly, limited by outdated government procedures and ineffective governance. These system-wide cyber risks have largely been ignored. In some ways, this is strikingly similar to the financial sector’s disregard for similar system-wide risk prior to the 2008 financial crisis.”
As we all witnessed, it turned out a failure in one small part of the American mortgage market could lead to a global recession, the collapse of governments, a sovereign debt crisis requiring bailouts, and even fears for the future of the Euro and European Union.
Unfortunately, this is exactly how cyber professionals analyze risks today. They analyze cyber vulnerabilities one technology, one organization or one nation at a time, and face very real challenges as to how to keep them all protected.
Obviously, the Internet has been incredibly resilient (and generally safe) for the past decades. But with protection not keeping up with the speed of growth, it can present a real problem for any and everyone who keeps important information online.
Why Companies Are at Risk
When topics like this arise, our question is often, “How does this happen?”
Well, all too often companies outsource functions or information so it can focus on its core competencies and not worry about managing servers, IT processes and security. But, many times they know nothing of the information security or business continuity measures of the company to which they’ve outsourced. What’s worse is that portions of the work often get further outsourced as each individual company decides to focus on its core competencies.
One company might seek to mitigate risk by diversifying their outsourcing by working with four separate providers, only to find they all relied on the same cloud service provider, all rely on the same operating system, or all rely on the same Internet service providers.
With so many unknowns, it’s difficult, if not impossible, to adequately measure the resulting risk of this hyperconnectivity.
Imagine if one of these providers somehow suffered a “Lehman moment.” On Friday, the provider held the sensitive and critical data of thousands of companies; by Monday, everything was inaccessible or gone. The shock could be fatal for a company and send a catastrophic ripple through the real economy in ways difficult to understand, model, or predict beforehand.
So the real question becomes, how do we prepare for it?
The information in this publication was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute advice (particularly not legal advice). Accordingly, persons requiring advice should consult independent advisors when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. We undertake no obligation to publicly update or revise any of this information, whether to reflect new information, future developments, events or circumstances or otherwise. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.