Cyberattacks: the #1 threat to North American companies
February 16, 2016
Learnings from the Global Risks Report 2016
The internet plays a critical business function in North America, and the United States in particular. Consider these facts from the Global Risks Report 2016, which was produced by the World Economic Forum in strategic partnership with Zurich:
- 87% of the U.S. population uses the internet, making it one of the best-connected countries in the world.
- The U.S. ranks 2nd globally for online business-to-consumer transactions.
- In 2014, cybercrime costs reached $100 billion in the U.S.—nearly one-quarter of the $445 billion in global losses.
North American business leaders are well aware of these costs, as well as the increasing frequency of breaches and the business interruption they cause. In fact, they elevated cyber to their number one risk, according to the Global Risks Report. Other regions of the world placed geopolitical and societal risks higher, but cyber remained in the top three risks for 18 countries, primarily in Northern Europe and Japan.
The Report outlines key interconnections between cyberattacks and other risks, such as adverse consequences of technical advances and a critical information infrastructure breakdown, whether the result is the destruction of a profitable e-commerce site or the loss of the ability to manage a global supply chain network. In addition, the “risk velocity” of a cyberattack (i.e., the high speed of onset and impact) requires an organization to be prepared with an equally high speed of response to help protect its competitive advantage.
The Ponemon Institute reports that while malicious criminals are responsible for 41% of cyberattacks, human error is responsible for 33% of them. This human factor is what can make cyberattacks more difficult to control and why decreasing the impact through a well-planned business continuity response management approach is of paramount importance.
These three steps can help your organization determine the right and rapid response to a cyberattack:
- Make it a board-level priority to examine the interconnections between advanced technology and cyber vulnerability. As organizations depend more on innovations such as cloud computing and 3D printing, it’s important to identify the new risk scenarios these technologies bring with them.
- Establish 360-degree risk assessments and scenario-based analysis. Determine where risk mitigation improvements should be made company-wide, and proactively adjust your digital infrastructure—whether it’s changing your backup locations or third-party vendor relationships.
- Build cyber resilience through stress testing. Once you’ve made improvements, test what happens if your systems go down—how will your e-functions, such as payroll, ordering or production, recover? Can you continue to serve clients during a cyberattack? Are your suppliers equally resilient?
Your business peers in other regions of the world are facing not only cyber threats, but also more macro forces such as failure of national governance, large-scale involuntary migration and energy price shock, as shown in the global risk of highest concern map. North America is fortunate to have relatively stable governments and economies, yet all these international exposures may impact global trade and necessitate adjustments to strategy and execution plans. Continuing to grow your business in both the short term and the long term will require the ongoing adoption of new, advanced technologies. And it will require building organizational resilience through an enterprise-wide approach to managing cyber risks.