For the first time ever, Cyber incidents ranks as the most important business risk globally in the ninth Allianz Risk Barometer 2020, relegating perennial top peril Business interruption (BI) to second place.
While organizations of all sizes have benefited from the efficiencies and conveniences of taking their business digital, it’s not without risks. Cybersecurity in today’s hyperconnected world is a necessity for large, medium and small businesses alike. Smaller businesses may be more prone to cyberattacks as they typically have fewer resources dedicated to cybersecurity.
In a prior article, we analyzed Articles 1 through 4 of the California Attorney General’s proposed California Consumer Privacy Act (“CCPA”) regulations. This article discusses Article 5 (Special Rules Regarding Minors) and Article 6 (Non-Discrimination). The CCPA went into effect on January 1, 2020, which means that businesses should, at a minimum, be updating their online privacy policies and accepting and responding to consumer requests.
Late last year, it was announced that the major aluminum manufacturing firm, Norsk Hydro AS, received a $3.6 million cyberinsurance payout – the first around highly publicized, extensive cyber breach of March 2019. The large ransomware attack struck the company’s U.S. facilities – before spreading throughout the company, resulting in millions of dollars lost – destabilizing Norsk Hydro’s operations until the summer months. The payout covered merely six percent of the multi-million-dollar costs created by the incident and its aftermath.
Apparently, we are getting in our own way when it comes to advancing cybersecurity. According to a leading 2018 study by the Ponemon Institute LLC (sponsored by IBM), the three primary causes of data breaches were malicious or criminal attack, system glitch and human error. While the study reports that the length of time to identify and contain, and the cost, were lower for data breaches caused by human error as opposed to the other categories, it is an issue that nearly 27 percent of data breaches are caused by human error.
Artificial Intelligence (AI) rests on the verge of transforming both business and society. Financial firm UBS forecasts that next year, the AI market will be worth $12.5 billion due to huge improvements and broader adoption of the technology. And BCG Henderson Institute found that though most leaders have not yet seen significant impact from their AI initiatives, they firmly expect to within the next five years.
If enterprise security continues to mature as a business function, in most enterprises, senior management will ask for a set of metrics to measure performance.
January 1, 2020
What is the point of spending time, resources and money on your security program if you can't tell whether it's working or not? It's just as important to establish the right metrics for a security program as it is to have such a program in the first place.