Zurich Insurance Group and the Atlantic Council released their latest report, "Beyond data breaches: global interconnections of cyber risk," outlining how interdependencies among sectors can lead to cascading cyber shocks.

Over the last several years, the Internet and associated information technology have fostered the growth of businesses around the world. The way we conduct business has transformed, but dependence on the Internet also has a dark side.

"As society becomes more technologic, even the mundane comes to depend on distant digital perfection," said internet risk expert Dan Geer.

Unfortunately, modern cyber risk management gives little thought to "distant digital perfection" or to aggregations of cyber risk, which can sometimes lie far outside an organization's own servers and firewalls.

It has become much easier to attack than to combat cybercriminals. The report suggests that the internet of tomorrow will almost certainly be less resilient, available and robust than it is today, and it will be more likely to initiate and cascade global shocks.

Risk managers, regulators and organizations with system-wide responsibility should focus on resilience and agility rather than prevention, the report suggests. With the interconnectedness of global business, combined with Internet dependency, risks can strike quickly and from any direction. Many businesses are left vulnerable.

Zurich provides recommendations for individual organizations in the report to better prepare for and react to cyber hazards. However, the report indicates that organizations should create comprehensive, customized plans for handling cyber risks.

Recommendations for individual organizations include:

Basic: regardless of the size of the organization, there is a relatively small set of actions that protect against the most cyber risk:

  1. Provide application whitelisting
  2. Use standard secure system configurations
  3. Patch application software within 48 hours
  4. Reduce the number of users with administrative privileges

Advanced: larger, more sophisticated organizations should certainly implement the 20 Critical Security Controls, but they also have the capability to engage in far more advanced cyber risk management.

  1. Push out risk horizon
  2. Cyber insurance
  3. Demand more resilient and secure standards and products
  4. More effective board-level risk management

Resilience: for all organizations, and in some ways, perhaps the most effective.

  1. Redundancy
  2. Incident response and business continuity planning
  3. Scenario planning and exercises

Zurich and the Atlantic Council's report, "Beyond data breaches: global interconnections of cyber risk," is a culmination of a yearlong study regarding interrelated cyber hazards and underlying risks.
