However, an alarming number of European firms are still complacent about cyber security.
Today, an awareness of cyber risk is vital to ensure a resilient business. The risk of an attack targeting you or one of your suppliers is only increasing – according to the Identity Theft Resource Center, more than 169 million personal records were exposed in 2015. Combine this with the fact that 38 percent more security incidents were detected in 2015 than in 2014, and the extent of the problem becomes clear.
The Internet of Things (IoT), the network of interconnected physical objects that can collect and exchange data, is also set to raise the concerns presented by cyber. Reports have recorded that there are currently 6.1 billion interconnected devices, which will grow to 50 billion by 2020. According to Forbes, IoT could add another $29bn to the cost of cybercrime by 2020.
With the potential damage that cyber-attacks can bring, building resilience should be top of mind for European businesses. Organisations must have specific measures in place to avoid cyber-attacks as they would for any ‘traditional’ risk such as a natural catastrophe.
If a business is not prepared for a cyber-attack, it could find itself exposed to damage from data breaches and hacks. To protect against such risks, companies need a comprehensive understanding of the specific cyber insurance available, as well as an appreciation of the steps that they can take to minimise the likelihood of loss.
So what can businesses do to safeguard themselves from the increased threat of cyber-attacks?
Auditing your suppliers and partners
Cyber risk has become a supply chain issue for organisations today. No matter how well you’ve secured your own organisation against cyber threats, you could still be exposed to risk through your partners and suppliers. Let’s say you’re a manufacturer: what if one of your key suppliers is attacked, disrupting both their operations and yours? Forbes has reported that the manufacturing industry was amongst the top five industries that ran a risk of a cyber-attack in 2016. With manufacturing companies increasingly relying on software to automate processes, manage partners and facilitate R&D, targeting their supply chains has become increasingly attractive to cybercriminals.
While businesses can undertake different methods to minimise the damage caused by a cyber breach, there are also many ways to prevent the breach from happening in the first place. Organisations should build cyber-resilience into their corporate structure so that they are not just reactive but also proactive.
This can be done through:
- Reviewing physical security to prevent unauthorised access to the facility and critical areas
- Ensuring that employee and contractor systems access is restricted
- Enforcing a clear desk policy and locked shredding bins so sensitive data in paper form is not lying around
- Using encryption where possible including for file sharing
- Breach response planning and stress testing
- Educating employees (do’s and don’ts and policy compliance)
- Ongoing security monitoring
Have a plan in place for a quick recovery after a cyber-attack
While there are many simple things you can do to prevent cyber-attacks, you will never be able to fully eliminate the risk – hackers continually find new methods, and will be able to get around even the tightest security. Businesses should therefore also make sure that they have a continuity plan in place in the event of a cyber-attack. According to an NTT survey on cyber-attacks, 67 percent of respondents believe that it would take their organisation close to eight weeks to fully recover from a security breach. By having a clear and structured recovery plan in place, you can reduce the time taken to get back to full operations and consequently the costs of a full recovery.
Your business continuity plan should address areas such as:
- How are you going to gain control of a security breach and recover?
- What do you define as an acceptable recovery time?
- What is the process for reporting incidents?
- How are you going to raise security awareness to employees?
- How are you going to manage and communicate security policies?
- Who is responsible for the above and can manage the communication with employees, clients and suppliers?
By following these steps, businesses are able to reduce both the recovery time after an attack and the costs it causes.
Taking out adequate insurance
At FM Global, we believe that business resilience and the long-term success of an organisation go hand in hand. Therefore we have broadened our policy to ensure that we can help our clients tackle the rapidly increasing threat that is cyber, with the essential coverage needed for common cyber loss events including:
- Damage to data, programs or software created by harmful viruses or other malware
- Computer network service interruption due to malicious cyber activity
- Third-party data services interruption (cloud outage) leading to business interruption and/or property damage
- Resulting property damage and business interruption on an all-risk basis, to the policy or location limit. The FM Global Advantage policy does not have any cyber exclusions.
Businesses can never be certain that they are 100 percent protected from a cyber-attack. However, by enforcing these effective measures, organisations will be able to build ‘business resilience’ against the threat of cyber, which could lead to competitive advantage in an increasingly competitive world.
By Ben McKenna, FM Global