Cyber risk is a critical concern for business leaders. According to the World Economic Forum’s 2018 Executive Opinion Survey of more than 12,500 executives, large cyber-attacks are ranked as the #1 risk for doing business virtually across all advanced economies. As companies develop their approach to this dynamic and challenging threat in 2019, there are some emerging trends that they should consider.
First, the growing use of technologies such as artificial intelligence, the Internet of Things, and robotics are broadening the cyber attack surface. While these technologies have significant potential to improve a company’s productivity and efficiency, they are often being deployed without full consideration of the degree to which they might increase the firm’s cyber exposure. Decisions around the deployment of new technologies need to consider increased cyber risk as an important part of the cost/benefit analysis.
Second, for many businesses, first party risk (not third-party risk) is now the primary cyber consideration. The potential financial loss from the theft of third party information in a cyber attack remains a critical issue. However, as organizations become increasingly dependent on technology for their core business processes, the cyberattack scenarios that create the greatest damage for many businesses are those targeting vulnerabilities within their own digital infrastructure and which can result in significant business disruption or property damage. Cyber risk planning needs to fully address both first party and third-party scenarios.
Third, as the mindset for approaching cyber risk planning, organizations need to internalize that it is not a question of “if” but “when” they will experience a major cyber event. This will rebalance the way companies invest and allocate their cyber risk management resources. While businesses need to continue to put processes and infrastructure in place to detect and deter potential cyber attacks, they also need to invest in processes which help them respond and regenerate after an event takes place. For many organizations, we see re-allocating resources from prevention to response as a constructive direction.
Against the backdrop of these trends, the 2019 edition of the MMC Cyber handbook includes our perspectives on major developments, specific industry implications, and strategies to increase resilience. It features articles from business leaders across Marsh & McLennan Companies, as well as experts from Microsoft, CyberCube, Cisco, and FireEye. We hope this handbook will help provide you with some new perspectives on how to increase your cyber resiliency in the face of this ever-expanding threat.