Aon recently released its annual cyber disaster report. The report details are gleaned from statistics gathered by Cybersecurity Ventures. By 2021 losses worldwide will hit $6 trillion a year.
Spending on cybersecurity will be close to $1 trillion but it apparently won’t be enough. As bad as the dollar losses will be — says the Aon report — the loss of reputation will be even worse.
“The reputational crisis resulting from an attack can erode a company’s market value, destroy brand loyalty, limit companies’ digital transformation efforts and even lead to a credit-rating downgrade,” Aon said. “An effective cyber resilience strategy can help mitigate both immediate and long-term financial losses.”
Yet companies — says Onno Janssen, Aon’s CEO of Risk Consulting & Cyber Solutions EMEA — still don’t quite comprehend the impact a cyber attack can and will have on a business.
“Understanding the worst-case scenarios and their impact to a business is crucial to developing an effective resilience strategy in which cyber is managed as an enterprise-wide risk across the entire organization,” he said. “The cyber threat is amorphous, and the technology it exploits is advancing at a dizzying pace, so the risk landscape is never going to stand still.”
Janssen suggests businesses make defending against cyberattacks a priority and not an afterthought. “The C-suite will have to aim to constantly improve its holistic cyber risk management strategies to prevent, prepare for and be able to respond to a cyber crisis,” Janssen pointed out and then said, “Ultimate responsibility for all risk management efforts resides in the boardroom.”
The Aon report suggests that businesses take four important stances to stave off — or at least reduce the damage — of an attack:
1. Everyone in the company needs to be involved in protecting the company from cyber attacks, the ultimate responsibility rests with the board of directors, or company management if there is no board.
2. Cyber attacks are a threat to every part of a business. An attack means a response needs to happen on every level and to every stakeholder.
3. Be ahead of the game. In other words, don’t wait for an attack to happen. Be proactive. Train staff to prepare for and effectively respond to an attack.
4. And definitely purchase cyber insurance to protect the company and the pre-loss and post-loss services that accompany such insurance.
Source link: Insurance Business America