A boundless threat
The current reality is that like every other aspect of commerce, economic crime has, to some extent, gone digital. In a hyper-connected business ecosystem that frequently straddles jurisdictions, a breach in any node of that system – including third parties such as service providers, business partners or government authorities – can compromise the organisation’s digital landscape in a variety of ways. What’s more, cyber risk now encompasses more than our traditional view of computers: we’ve observed a sharp increase in attack activity involving the Internet of Things.
Cybercrime, a hot topic
Fighting cybercrime is a strategic issue that needs to go well beyond the IT function. After all, organisations are not being attacked by computers but by people attempting to exploit human frailty as much as technical vulnerability. As such, this is a problem that requires a response grounded in strategy and judgment about business process, access, authority, delegation, supervision and awareness—not merely tools and technologies. In our view, chemical executives should take another look at what a fraud risk management system may add to their anti-crime toolkit.
Assessing cyber risk
Critical questions for the Board and the C-Suite
The evolving threat landscape means organisations today must worry about far more than fraud and theft. As attackers become highly organised and also focus their attention on disrupting services, destroying data, and holding systems to ransom, the risk challenges grow more complex—with regulatory fines, legal damages, loss of trust, and reputation damage becoming part of the equation.
Risk powers performance
Amid this landscape, the connection between risk and performance grows stronger, with responsibility for overseeing cyber risk increasingly resting with the Board and the C-Suite. These top leaders increasingly want to confirm that their businesses remain secure, vigilant, and resilient, but they are sometimes far removed from the day-to-day challenges of monitoring, detecting, and responding to evolving cyber risks.
Ten critical questions can help Board members and the C-Suite get started by unlocking insights about their cyber maturity. Explore them here, and discover guidance that can help you develop focused answers and build new cyber risk understanding.
- Do we demonstrate due diligence, ownership, and effective management of cyber risk?
- Do we have the right leader and organisational talent?
- Have we established an appropriate cyber risk escalation framework that includes our risk appetite and reporting thresholds?
- Are we focused on, and investing in, the right things? And, if so, how do we evaluate and measure the results of our decisions?
- How do our cyber risk program and capabilities align to industry standards and peer organisations?
- Do we have a cyber-focused mindset and cyber-conscious culture organisation wide?
- What have we done to protect the organisation against third-party cyber risks?
- Can we rapidly contain damages and mobilise response resources when a cyber incident occurs?
- How do we evaluate the effectiveness of our organisation’s cyber risk program?
- Are we a strong and secure link in the highly connected ecosystems in which we operate?
Boards and C-Suite play a critical role in cyber risk
Cyber threats and attacks continue to grow in number and complexity, all while the business world grows increasingly connected and digital. Amid this new landscape, managing cyber threats becomes a business and strategic imperative, with the stakes higher than ever. These days, cybercrime involves more than fraud and theft. As the domain of vast criminal networks, foreign government-sponsored hackers, and cyber terrorists, cybercrime extends across the risk spectrum—to involve disruption of services, corruption or destruction of data, and even “ransomware” activities that seek to extort money, access, or corporate secrets from victims.
Today, cyber risk and performance are more tightly intertwined. Tangible costs from cybercrime range from stolen funds and damaged systems to regulatory fines, legal damages, and financial compensation for affected parties. Intangible costs could include loss of competitive advantage due to stolen intellectual property, loss of customer or business partner trust, and overall damage to an organisation’s reputation and brand. Beyond the damage to individual organisations, the sheer scope of cyber attacks now has the potential to cause mass-scale infrastructure outages and to affect the reliability of entire national financial systems and the well-being of economies.