Yesterday I blogged about various information sources that keep me abreast of the field.
Right on cue, here's an excellent example: a shiny nugget I found on the Web today, following my nose from a Google search through several other references and links.
Aon's latest Global Risk Management Survey reports on an online survey completed by business people from 1,843 organizations globally at the end of 2016.
According to the 2017 report, the top 10 risks of most concern to management are:
1. Damage to reputation/brand
2. Economic slowdown/slow recovery
3. Increasing competition
4. Regulatory/legislative changes
5. Cyber crime/hacking/viruses/malicious codes
6. Failure to innovate/meet customer needs
7. Failure to attract or retain top talent
8. Business interruption
9. Political risk/uncertainties
10. Third party liability (inc. E&O)
I've highlighted #5 - cyber risks - because they are so obviously relevant to information security awareness.
Apparently, cyber risks were ranked #1 by respondents from the aviation, education and government sectors. Why might that be?
- The aviation industry is extremely safety-conscious, so I guess they are concerned at the possibility of cyber incidents leading to injuries and deaths, for example through cyber-terrorism. On top of that, fly-by-wire planes are critically dependent on their on-board IT systems so system design flaws, bugs, configuration and operator (especially pilot!) errors can be lethal. The dreaded blue screen of death could be literal.
- Governments, meanwhile, must deal with sophisticated and well-resourced cyber-attacks by other nation states, while doing their best to protect critical national infrastructures and economies. They also need to address terrorists and criminals, as well as tax-evaders, fraudsters and so on. As they become increasingly computerized, governments are inevitably more exposed to cyber threats.
- I don't really know why the education sector is so worried about cyber risk, except perhaps the fact that kids today are more cyber-savvy than all previous generations, including the teachers and administrators trying to educate them. Hmmm, not sure about that. [Thoughts, anyone?]
"Cyber threat has now joined a long roster of traditional causes—such as fire, flood and strikes—that can trigger business interruptions because cyber attacks cause electric outages, shut down assembly lines, block customers from placing orders, and break the equipment that companies rely on to run their businesses. This explains the dramatic rise in ranking, from number nine in 2016 to number five this year. For survey participants who are risk managers, they have voted it a number two risk, probably because cyber breaches are becoming more regulated, with many companies in the U.S. and Europe facing mandatory disclosure obligations. Similar requirements are being introduced in Europe and elsewhere. As a result, cyber concerns will continue to dominate the risk chart ... About 33 percent of surveyed companies are now purchasing cyber [insurance] coverage, up from 21 percent in the previous survey."