As the world becomes increasingly interconnected and the digital revolution continues to transform the way governments and businesses operate, the issue of cybersecurity has become a pressing concern for global policymakers and business leaders. Amid the global explosion of the internet and the growth of related information and communication technologies, governments and businesses continue to move their key assets and systems into the digital domain. While digitization has accelerated global economic growth (productivity, service delivery and the ease of doing business), it has also given rise to a new set of risks affecting global business operations and national security.
Rapid ICT Expansion Creates Both Opportunities and Risks
The rapid expansion of information and communication technologies (ICT) – particularly the Internet – has revolutionized the global economy, transforming the way governments, businesses and individuals connect and interact. Today, a vast majority of businesses, regardless of size or location, rely on ICT to some extent in their day-to-day operations, and critical infrastructure depends more than ever on cyber technology. The ‘Internet of Things’ revolution is allowing businesses to better connect with and gain insights on their customers, suppliers and partners. These developments in favor of interconnectedness have reaped tremendous benefits in service delivery, information sharing, greater market potential, productivity gains, and cost savings, but have also created inherent risks such as cyber attacks, cybercrimes, and cyber espionage.
The 3 Types of Cyber Attacks
Hostile cyber activities can be broadly divided into three categories. All three can have significant implications for both governments and private companies. While definitions vary, researchers at Duke University provide a useful overview of each concept*.
1) Cyber Attacks (Or Cyber Sabotage)
Cyber-attacks are defined as ‘the malicious use of offensive cyber capabilities to undermine, manipulate, or destroy critical civilian and military networks and infrastructure.’ A prominent example of this is the hacking attack on Ukraine’s power grid that occurred in December 2015. This hacking attack left 225,000 residents of western Ukraine temporarily without electricity and has been described by experts as the world’s first known electricity blackout caused by a cyber-attack.
2) Cybercrime
A cybercrime is described as ‘an offensive cyber operation that is conducted for material and criminal, rather than political, gains.’ The British telecommunications provider TalkTalk was the victim of a cybercrime in 2015 when the details of more than 150,000 of its customers were stolen. TalkTalk was fined GBP400,000 for failing to adequately protect its customers’ data.
3) Cyber Espionage
An act of cyber espionage is ‘an attempt to penetrate the networks of an adversary in order to extract sensitive or protected information.’ A recent example of this was the hacking of the Democratic National Committee during the US presidential election. Private companies are also at risk of cyber espionage – with potentially serious repercussions such as the theft of intellectual property.
How to Protect Your Brand Values and Business Reputation from Cyber Threats
For businesses, the costs of such cyber incidents can be significant and manifold. In addition to economic impacts caused by operational disruptions, loss of competitiveness (resulting, for example, from intellectual property theft) and high investigation costs, there are also reputational and legal ramifications. Indeed, concerns over past or potential cyber incidents can severely damage a company’s reputation and negatively affect future relationships with suppliers, business partners, employees, and customers. Firms can also face considerable litigation costs and legal penalties if found guilty of non-compliance with cyber-security regulations.
As such, cyber security has, unsurprisingly, become an increasingly prominent issue for business leaders globally. A survey conducted by the World Economic Forum, as part of its Global Risks Report 2017, revealed that ‘cyber attacks’ was the risk most commonly reported by business executives in the US, UK, Norway and New Zealand. The surveyed business executives were asked to select five out of a possible 29 global risks of highest concern for doing business over the next ten years. Indeed, over half of all respondents in these countries selected ‘cyber attacks’ within their top five risks, with this share being especially high in the UK (67.1%). Dun & Bradstreet’s 2016 Global Enterprise Risk Study also revealed that cybersecurity is the foremost threat on the minds of finance leaders today.
At a macro level, cyber incidents threaten to cause potentially significant costs in terms of economic output. The Lloyd's City Risk Index 2015-2025 analyses the potential impact from 18 manmade and natural threats on the economic output of 301 of the world's major cities. The report finds that cyber incidents pose the seventh most significant threat in terms of the ‘potential GDP at risk’, i.e. the loss in economic output expected from such incidents during 2015-25.
6 Ways to Defend Your Organization from Cyber Threats
Given the increasing frequency, scope and sophistication of cyber threats, as well as the significant costs that they can produce, it is more critical than ever that businesses ensure they do all that they can to mitigate their risk exposure.
Experts at Dun & Bradstreet suggest that companies take the following steps:
- Review your cyber-security practices and incident-response plans to ensure that they are robust, up-to-date, and in line with best practices;
- Employ basic cyber hygiene routines, such as requirements for secure password creation and storage, and patching of vulnerable systems;
- Keep abreast of rapidly evolving cyber-security legislation – for example, the EU’s General Data Protection Regulation, which will come into force in 2018;
- Define clear roles and responsibilities for cyber risk within your organization;
- Have contingency plans in place in case of a cyber attack;
- Consider cyber insurance; note that insurance can be obtained not only for financial losses but also for a range of other services, including on-the-ground support during an incident and reputation management.