Nobody wants to be hacked. But today, with our lives and infrastructure increasingly expected to be online, it’s becoming more and more of a reality and a risk that has the potential to turn into a worldwide crisis.
In 2013 alone, 740 million records were exposed in data breaches worldwide. That made 2013 the worst year ever for breaches. As an example, 93% of large businesses in the United Kingdom suffered a data breach in 2013, resulting in a different headline each week.
For the past year, Zurich Insurance and the Atlantic Council met with cyber experts and risk professionals across different industries to tackle this very issue. Their findings show that people, regardless of company size, need to focus on preparing for the inevitable — a security breach with massive potential.
The report states, “While societal reliance on the Internet grows exponentially, control only grows linearly, limited by outdated government procedures and ineffective governance. These system-wide cyber risks have largely been ignored. In some ways, this is strikingly similar to the financial sector’s disregard for similar system-wide risk prior to the 2008 financial crisis.”
As we all witnessed, it turned out a failure in one small part of the American mortgage market could lead to a global recession, the collapse of governments, a sovereign debt crisis requiring bailouts, and even fears for the future of the Euro and European Union.
Unfortunately, this is exactly how cyber professionals analyze risks today. They analyze cyber vulnerabilities one technology, one organization or one nation at a time, and face very real challenges as to how to keep them all protected.
Obviously, the Internet has been incredibly resilient (and generally safe) for the past decades. But with protection not keeping up with the speed of growth, it can present a real problem for anyone and everyone who keeps important information online.
Why Companies Are at Risk
When topics like this arise, our question is often, “How does this happen?”
Well, all too often companies outsource functions or information so they can focus on their core competencies and not worry about managing servers, IT processes and security. But many times they know nothing of the information security or business continuity measures of the company to which they’ve outsourced. What’s worse is that portions of the work often get further outsourced as each individual company decides to focus on its core competencies.
One company might seek to mitigate risk by diversifying its outsourcing across four separate providers, only to find that they all rely on the same cloud service provider, the same operating system, or the same Internet service providers.
With so many unknowns, it’s difficult, if not impossible, to adequately measure the resulting risk of this hyperconnectivity.
Imagine if one of these providers somehow suffered a “Lehman moment.” On Friday, the provider held the sensitive and critical data of thousands of companies; by Monday, everything was inaccessible or gone. The shock could be fatal for a company and send a catastrophic ripple through the real economy in ways difficult to understand, model, or predict beforehand.
So the real question becomes, how do we prepare for it?