A new report released by Aon plc indicates that losses from cyber attacks will reach $ 6 trillion globally by 2021. The Report on cyber security also predicts that cybersecurity investment will exceed 1 trillion dollars accumulated According to this report, companies face severe and immediate financial losses due to the procedural costs of such incidents, regulatory fines, which increased after the implementation of the General Data Protection Regulation, and losses. revenue resulting from the interruption of its activity. While the immediate financial costs of a cyber attack can be detrimental to businesses, the report suggests that the long-term damage to their reputation is just as worrying.
The reputation crisis resulting from a cyber attack can undermine a company's market value, destroy brand loyalty, limit digital transformation efforts and even lead to a credit rating downgrade. An effective cyber resilience strategy can help mitigate immediate and long-term financial losses.
According to another recent Aon study, cyber risk was for the first time on the list of the top five business risks in Portugal in 2019. Overall, risk managers are also experiencing a lower level of preparedness for cyber risk and there is a need to adopt risk management measures as opposed to risk transfer in order to mitigate these threats and protect organizations.
Some companies still do not fully understand the impact a cyber attack can have on their business. Awareness of worst-case scenarios and their impact is crucial to the development of an effective resilience strategy in which cyber is managed as a risk to and across the enterprise. Executives should constantly seek to improve their holistic cyber risk management strategies to prevent, prepare and be able to respond to such a crisis.
The “Prepare for the Expected: Safeguarding Value in the Age of Cyber Risk” Report finally identifies four steps needed to build a cyber risk-resilient organization:
Take responsibility – Cyber risk management should be a cross-company effort, but responsibility needs to be allocated to the top of the organization.
Bringing the company together – cyber risk is not just a matter of technological and computer security. It is an enterprise-wide threat and requires a multidisciplinary, multilevel response that engages all relevant stakeholders within the organization.
Control the process – Companies can no longer count on hiring a response team after a cyber attack. Incident response management is critical in preparing organizations, and scenario planning helps to understand operational vulnerabilities and threats.
Protect the operation – Companies should look at how they are taking advantage of the available risk transfer opportunities. Cyber insurance can help protect an organization's balance sheet by providing post loss and pre-loss prevention services.
Source: Aon plc