At a glance
- The Global Risks Report 2020 again highlights cyber-attacks as a key risk in 2020
- As cyber-attacks become more frequent organisations must re-think their risk strategies to protect themselves and the people who depend on them
- We take a look at the increasing risk of cyber-attacks and how equal attention needs to be paid to a supply chain.
This article counts towards accumulating your annual CII CPD structured learning hours for Business Interruption.
By reading this article, and correctly answering the three questions underneath, you will have achieved the following learning outcome: Summarise the key components of a business continuity plan and/or the benefits of supply chain risk management.
Visit the CPD Hub to log in and begin accumulating CPD hours.
The Global Risks Report 2020 again highlights cyber-attacks as a key risk in 2020, and for good reason. As mentioned in the report, attacks are almost becoming normal, such is the frequency of them across various sectors as well as, in some cases, cities.
The increase in the use of Internet of Things (IoT) devices, with a reported 21 million devices in use worldwide, has resulted in an increase in IoT device attacks of 300% in 2019.
With the number of devices also set to double by 2025, it is important that people are aware of the risks of using them, and businesses are aware of the importance of continuity plans should an attack occur.
Data theft is particularly attractive to hackers, given the monetary value placed on the security of data and the potentially catastrophic consequences a leak could cause. Ransomware, a type of malware in which files are hacked and a user is threatened with their publishing unless a ransom is paid, is an increasingly common method of attack and the United Kingdom had the most detections of ransomware in Europe in 2019.
As cyber-attacks become more frequent organisations must re-think their risk strategies to protect themselves and the people who depend on them from the magnitude of cyber-related losses.
The damage of an attack
Business continuity is key when under a cyber-attack, and it is important that companies of all sizes have a plan in place should regular business be interrupted. For smaller companies in particular, an estimated 60% closed within six months of falling victim to a cyber-attack or data breach.
With such drastic consequences possible following an attack, and countless years of hard work potentially ruined, organisations need to ensure plans for prevention but also procedures for the worst-case scenario. It is also important to remember that, even with the most rigorous of defences, one person clicking on a dodgy link, downloading a file or accepting a transfer from an unusual place could trigger an attack, so staff need to be trained and regularly tested in order to keep awareness high.
The risks of the supply chain
In addition to ensuring staff are regularly trained and tested on the importance of spotting potential hacks, it is often not just the primary company that should be considered. Supply chains are a crucial part of businesses both large and small, and research has shown that due diligence of suppliers down a chain is slipping.
In order to provide the best possible chance of business continuity in the event of an attack anywhere along a supply chain, organisations need to have set plans for the hours, days and weeks following. There are a number of ways an attack on a supply chain could impact another company, for example in the delivery of stock to a high street retailer, or the shutting down of a company website hosted by an agency. When discussing the damages of a cyber-attack, the costs demanded by a hacker may not be the hardest hitting, as the cost of business interruption could reach far higher levels.
Continuity plans in place such as knowing a secondary source companies could go to, or secondary networks that could replace a hacked one, could be difference between companies being able to trade or not, and potentially whether they remain in business at all.
For more information on the topics discussed in this article, please get in touch with your local Zurich contact.
To read the Global Risks Report 2020, download the full report or executive summary below: