The risks for companies have changed dramatically in recent years. Traditional risks such as business interruption, legal changes in the economic environment or general market developments still occupy top positions in the Allianz Risk Barometer 2021, but cybercrime is now listed as the most important corporate risk for the first time. Overall, there is a dangerous interlinking: The advancing digitization and new technologies create more security gaps for cyberattacks, these can often lead to business interruptions and both, in turn, lead to a loss of reputation.
Since the beginning of the Allianz risk survey, the risk of
business interruption has always been in the first place. In the Allianz Risk Barometer 2021, this is
now different: cyber incidents, cyber risks, or threats from the IT sector are
now named cyber risks as the most dangerous company risk with 57 percent. This,
although other classic areas, such as B. Legal problems in the field of the economy (Brexit or the trade war between the USA and China) and climate change
have been on everyone's lips, especially recently.
Negative Symbiosis of Threats
On closer inspection of the survey results, it should be noted
that there is an unfavorable link between risks: Cyber incidents due to
ransomware attacks, malware infections or the like can often trigger business
interruptions (production standstill, failure of customer platforms, failure of
communication channels, data loss, etc.), with which the risk for the whole
“company” increases significantly. In general, if the company's IT is
affected, the effects can be catastrophic.
The risks of new technologies (5th place) are also largely linked
to the cyber area: networking of machines, nanotechnology, artificial
intelligence, blockchain, etc. affect the company's IT as well as the overall
structure. The negative connection between IT risks and general
operational risks also applies indirectly: companies are in tough competition
with one another and at the same time compete for the skilled workers they
need. The shortage of skilled workers will also worsen in the IT security
area. According to the “Global Information Security Workforce” study,
there will be a shortage of around 350,000 cybersecurity experts across Europe
in 2022. To guarantee IT security in the future, many companies
are therefore forced to outsource services. Is this not possible, important
internal functions may not be performed satisfactorily, which can lead to
operational restrictions. Something similar applies to the subject of
"loss of reputation of the company", which has now been moved up to the eighth place. Here, too, there is a close interaction between general
problems and the IT environment in particular: data loss, data misuse, or the
like are fundamentally extremely dangerous and can lead to serious
interruptions in ongoing operations. Also, they are publicly and
critically discussed, which in turn attacks the company's image. Overall,
it can be said that cyber risks, so to speak, pile up with others or even
multiply. Something similar applies to the subject of "loss of
reputation of the company", which has now been moved up to the eighth place. Here,
too, there is a close interaction between general problems and the IT environment
in particular: data loss, data misuse, or the like are fundamentally extremely
dangerous and can lead to serious interruptions in ongoing operations. Also, they are publicly and critically discussed, which in turn attacks the
company's image. Overall, it can be said that cyber risks, so to speak,
pile up with others or even multiply. Something similar applies to the
subject of "loss of reputation of the company", which has now been
moved up to the eighth place. Here, too, there is a close interaction between
general problems and the IT environment in particular: data loss, data misuse, or the like are fundamentally extremely dangerous and can lead to serious
interruptions in ongoing operations. Also, they are publicly and
critically discussed, which in turn attacks the company's image. Overall,
it can be said that cyber risks, so to speak, pile up with others or even
multiply. Data misuse or the like are generally extremely dangerous and
can lead to serious interruptions in ongoing operations. Also, they
are publicly and critically discussed, which in turn attacks the company's
image. Overall, it can be said that cyber risks, so to speak, pile up with
others or even multiply. Data misuse or the like are generally extremely
dangerous and can lead to serious interruptions in ongoing operations. Also, they are publicly and critically discussed, which in turn attacks the
company's image. Overall, it can be said that cyber risks, so to speak,
pile up with others or even multiply.
Help from Insurers
According to the risk experts, this trend will continue for the
foreseeable future. In the future, companies will work networked far more
than usual, act in socio-political areas of tension, and face classic, global
competition. In this environment, social media, networking in the employee
area, data theft, cyber extortion, etc., and all the resulting complications and
dangers are increasing. Ever larger and more expensive data scandals, an
increase in cyber extortion and spoofing incidents, but also higher fines due
to stricter data protection regulations and claims for damages are the result. A
serious data theft - with more than a million records - costs an average of $
42 million today,
According to Allianz, whose survey of around 2,700 participants
from over 100 countries - including CEOs and executives, risk managers, and
insurance experts - reduced the current ranking of corporate risks, risks of
any kind have generally become more unpredictable. The insurance company
reacts: They have a high level of risk expertise and would therefore offer
themselves as a partner in risk analysis. They have now made comprehensive
protection packages available. Allianz recently expanded its cyber
insurance for SMEs to include “CyberCrime - Social Engineering”.
Corporate Responsibility as A Constant
Classic insurance is important and will continue to be so. However,
insurance only takes effect when the damage has already occurred, whereby they can
usually only mitigate the consequences. However, the first priority for companies
is to maximize Cyber Risk Resilience®. Management and board members are
already giving cyber risks higher priority, but a rethink at the highest level
is required: Because cyber attacks are still viewed as a “risk”. A risk
that normally will not occur. The normal case, however, is that companies
are attacked. Consequently, the absence of an attack should be viewed as a
special case. So it is no longer a question of how to prevent a negative
event from occurring. The new goal is to clarify how to survive
despite negative events or how to conduct business as normally as possible. Of
course, internal and external cyber experts are still in demand here, who set
up and secure the company in such a way that insurance policies do not have to
be used at all, if possible.
SOC as An Important Component
For security-conscious companies, the Security Operation Center
(SOC) is the heart of all security measures. A SOC project is the way to a
transparent and therefore real assessment of the threat situation. Experienced
analysts have experience in complex situations in complicated IT environments
and combine prevention with vulnerability detection, they ward off attacks and
know what to do in the event of an attack to keep the damage as small
as possible. In principle, many findings from the area of cyber risks
are incorporated: attacks, data protection, organizational considerations,
backup, and much more. For this purpose, ISPIN provides extensive
considerations from years of its own practice as a SOC provider. Just
the question of building a SOC yourself, Or rather, handing it over to external experts is
extremely complex and must be carefully considered.
Traditional Threats - Surpassed by Cyber Risks
It is noteworthy that, according to the results of the Allianz study, even the risks of almost extreme events have been outstripped by cyber
risks. These include the trade disputes between the USA and China, the
customs problem, uncertainties about Brexit, sanctions against
important nations, and the associated legal uncertainties.
Also, studies by the World Economic Forum(WEF) support such new knowledge. The
WEF's focus is on environmental risks, but there are similar trends for the
short-term risks in 2021. In the “Technology” category, “Cyber attacks
on infrastructure” came in first place with 76.1 percent mentioning. In
the area of “geopolitics”, “economic conflicts” come first, in “society” it
is “domestic political polarization”, in “environment” it is “extreme heat
waves” followed by “destruction of natural ecosystems”. In terms of
percentage mentions, cyber risks in your category are almost at the same level
as the peak risks in the other areas. In terms of long-term risks, those
of the next 10 years, the WEF also puts the risks of “data misuse or theft,
cyber-attacks” in first place in the “technology” area.
To keep your data safe from traditional threats, you have to choose the right protection software like total security software
Comments
Post a Comment