Five ways senior execs can confront cyber risk
In 2017, the cyber stakes changed for the C-suite. We saw cyber attacks:
- paralyse company operations,
- drain billions in market capital, and
- cause the dismissal of senior executives.
Two emerging trends show that things will likely get worse before they get better.
First, attacks are becoming more destructive. In May and June 2017, hackers unleashed the WannaCry and NotPetya attacks. These targeted known vulnerabilities and took down systems around the world.
Second, as the attacks grow more severe, regulatory controls are tightening. Companies now have legal obligations to do more to protect data and systems.
A new report from Marsh & McLennan offers five recommendations for boards and the C-suite to confront cyber risk:
- Secure your cloud. Cloud computing offers powerful benefits for companies of all sizes and sectors. That does not mean you can outsource your responsibility for security. Many breaches still start with weak passwords, sloppy authentication and poor certificate validation. To prevent breaches, you must maintain strong internal security to stop unauthorised access. And, while cloud providers will provide security controls, you must opt in and incorporate the controls.
- Spend time on patching. Patching presents problems. On one hand, most cyber exploits target known vulnerabilities that need software fixes. On the other, patching takes time, because fixes must be reviewed so they do not interfere with complex IT environments. Make sure your process identifies the most critical vulnerabilities and shortens patch implementation for those fixes.
- Rethink the human element. Successful corporate strategies need to address people as well as processes and technology. A good place to start is to reinvent employee training. Try supplementing or replacing email blasts with games and incentives.
- Engage with the government. Good relationships with regulators might save the victim of a cyber attack from being treated as a villain. Take the time to reach out to the key agencies looking into your cyber practices and responding to incidents.
- Plan, plan, plan. In stressful situations, people revert to instinct. Conducting a mock cyber exercise will help establish your plan for the real thing.
Simply increasing your cyber security budget will not solve the problem. You will need to organise the resources necessary to respond to evolving threats and limit the growth of vulnerabilities. Failure to keep pace with this ever-evolving risk could lead to:
- loss of data,
- system outages, and
- the surrounding consequences of failing to protect critical cyber assets.
But, with the right approach, you can thrive in the digital economy and avoid the pitfalls of cyber risk. We work with our insurer partners to arrange a cyber policy that is truly fit for purpose. In addition to comprehensive cover, it will feature access to a team of breach specialists that can help you address risks and issues at pace.
Read the full, unedited article and subscribe to get BRINK in your inbox here…
Jelf is part of Marsh & McLennan Companies. BRINK combines knowledge and expertise from across Marsh & McLennan and is managed by Atlantic Media Strategies, the digital consultancy of The Atlantic. The content is subject to BRINK’s Terms and Conditions of Use.