Cyber Resilience: Where do you rank?

Why is cyber a problem?

According to the Centre for Strategic and International Studies, the estimated annual losses from cyber attacks are $400bn. Last year’s WannaCry cyber attack alone cost $4bn. Clearly, cyber attacks are both evolving and increasing rapidly. As technology is becoming more intertwined in every element of business, there are ample opportunities for hostile actors to infect businesses and cause disruption. The risk is not exclusive to large business either; businesses from all industries, large or small, are at risk.

The rise of the intangible risk

Businesses more readily understand the more tangible risks they face like fire and flood however less tangible risks like cyber crime, are less understood, thus becoming a lucrative business.  Cyber attacks leave little evidence, making it difficult for authorities to track down the culprits. When it comes to ransomware attacks such as WannaCry, many businesses pay the ransom to regain access to their data – an incentive for criminals.

The threat of cyber attacks, unconstrained by geographical borders, represents a stark change from the more traditional, tangible threats businesses are accustomed to dealing with. For example, when mitigating the threat of a hurricane, scientists are able to predict when and where it is most likely to strike by evaluating factors such climate and location. Additionally, the long, historical record of hurricanes and hurricane damage provides data from which businesses can create strategies to reduce the damage a hurricane might cause in the future. Unfortunately, cyber attacks do not have this long record of data, nor warning signs, which can make it difficult for businesses to build resilience to this threat.

Physical damage resulting from cyber

Although cyber attacks are intangible, the damage they inflict isn’t confined to the digital sphere, as physical damage can often result from a cyber attack. The manufacturing industry is particularly vulnerable to a cyber attack – the growth of the Industrial Internet of Things with connected, automated devices has increased the potential for cyber-related damage. For example, a turbine that is remotely controlled could be hacked through a factory’s industrial control system, and made to overspeed to destruction. The resultant fire and damage to property could pose a considerable financial burden to a business, as operations are disrupted – all because of a cyber attack.

How can businesses mitigate the risks of cyber?

It is imperative for businesses to be proactive rather than reactive when it comes to cyber security. Businesses need to ensure every part of their enterprise is protected, even from employees as well as contractors and their supply chain partners. A small vulnerability can be hugely detrimental to a businesses’ cyber security.

An effective method of preventing cyber attacks is to develop a culture of resilience within a business. Cyber security should not be the exclusive domain of the IT department, it has companywide consequences and should be the responsibility of the C-suite to drive a cyber safe culture within their organisations. As cyber crime presents itself in a variety of forms, businesses can combat the risk of a cyber attack by implementing staff training to spot a potential cyber attacks, like phishing emails, establishing password strength and change requirements, mandating software updates and data back-ups to secure their data. All while restricting what data employees can access and share. Flash drives are an easy source for corrupting networks and their use should be either denied or be subject to encryption.

Cyber attacks are set to rise, and to survive businesses need to be resilient. FM Global, one of the world’s largest property insurers, has created the FM Global Resilience Index, which can help with navigating the often tricky cyber landscape. Using tools such as The Resilience Index can give businesses the necessary information they need to build their resilience to a cyber attack, which today is vital for long term success.

FM Global Resilience Index

The Resilience Index is a publicly available, data-driven tool which provides an analysis of the various aspects that affect the resilience of a country’s business environment.  First released in 2014, the Resilience Index was developed to help businesses understand the threats they face across the globe.

For the most recent edition released earlier this year, the Resilience Index ranked 130 countries, using data collected by FM Global’s own engineers as well as from sources such as the World Bank and the IMF.

When creating the Resilience Index, FM Global collected and analysed data to understand which factors could have a disruptive effect on businesses across the globe. Among the various factors, businesses can view a country’s inherent cyber risk, and whether that country has become more or less resilient in this sector over time.

According to The Resilience Index, the UK has become relatively less resilient to cyber risk. Looking at the data, the UK’s inherent cyber risk ranking increased from a score of 84 in 2017, to 91 in 2018, giving the UK a score of 53/100. Since 2014, the UK’s cyber ranking has fluctuated, highlighting the volatile nature of cyber attacks. The capability of the Resilience Index to track results over time gives businesses the data needed to remain aware of the ever-evolving cyber landscape.

Incorporating data from over 130 countries also enables businesses to track the cyber risk inherent across their supply chains – vital knowledge when considering that 56% of businesses have had a breach caused by one of their vendors, according to Ponemon Institute.

The results of being resilient

Given the constant risk that businesses face from cyber attacks, it is vital that risk management strategies are implemented, taking into account vulnerabilities in primary operations and across the entire supply chain. As part of this risk management focus, businesses can build resilience by partnering with a knowledgeable insurer who can work quickly to help reduce loss and aid in the recovery process. When every hour lost is revenue lost, the advantages for businesses should be clear to everyone.

When it comes to cyber risk, it is not a question of if, but when, a business will be attacked. Building resilience and mitigating the damage of this risk is therefore vital. By using the FM Global Resilience Index, businesses can gain an understanding of the broader cyber risk landscape around the world, helping the C-Suite make informed investment and operational decisions – crucial for long-term success in an increasingly competitive business environment.

About the Author

Ben McKenna is Vice President, FM Global London Operations Claims Manager, based in Windsor, UK. In this leadership role he is responsible for management of claims for London Operations’ written accounts, as well as AFM UK. Additionally, he manages loss handling activities across UK, Middle East and Africa. He leads a talented team of in-house adjusters and claims examiners. Ben also conducts regular policy training sessions with clients and brokers, as well as attendance at seminars and market initiatives both in the UK and EMEA region.