21 Mar: Cyber risks top global business leaders' concerns for 2022
Cyber risks top global business leaders' concerns for this year.
Business leaders worldwide manage and mitigate risks on an ongoing basis as they strive to achieve success for their organisations. A recent study by Allianz Risk Barometer concluded that the biggest concern for businesses around the world in 2022 is cyber security threats. Organisations are worried that cyber perils such as ransomware attacks and data breaches can wreak havoc and cause irreparable damage.
The study shows that business owners and leaders classify cyber threats as bigger concerns than supply chain disruptions and natural disasters. This survey was conducted in nearly 90 countries and markets amongst 2,650 respondents.
Business Interruption due to Cyber Attacks
Cyber criminals are always on the lookout for vulnerabilities in organisations' digital surfaces, aiming to infiltrate them in order to steal valuable data or carry out social engineering attacks. In the past months we've seen a sharp increase in what is generally referred to as 'double extortion' tactics by hackers, whereby they combine the encryption of systems with data breaches.
One way hackers get in is through the exploitation of software vulnerabilities, physical infrastructure weaknesses or even misconfigurations in cloud environments. Running pen tests is always recommended, so that you stay (always!) a step ahead of your attacker. Be proactive and get a specialised cyber security team to run independent and objective security assessments of your website, web applications, mobile apps (Android and iOS) and network systems.
Business outages have devastating consequences, with highly negative impacts on investors, shareholders, regulators and the market (clients!). Ransomware has become big business for black hat hackers, who hold organisations' assets and data frozen, demand ransom funds and also sell datasets on the dark web. The growing reliance on digitalisation and the shift to remote working have led to spikes in ransomware attacks. Interconnectivity is vital in today's globalised economy and business environment. This has led to more points of failure in the ecosystem, with attacks that can create widespread disruption.
Cyber security should not live in silos
The importance of cyber security needs to be acknowledged by everyone inside an organisation. It is not the sole responsibility of the IT team or the operations manager. All employees need to be aware of all the possible threats and of what to do in case of suspicion. Regular training is not an option nowadays: it is a must! Cyber security needs to be part of the organisation's culture and governance. The CEO, COO, CMO, CTO and CFO already have their plates full and might consider cyber security as an 'extra'.
A CISO will help advocate the importance of cyber security and step up the resilience of the organisation in that respect. A rather common challenge is finding the right candidate to take on the role of CISO. In general, there is a huge shortage of cyber and information security professionals, so opting for a fractional CISO or vCISO is an option that is working for most organisations, as it is commercially viable and offers flexibility. In certain industries and sectors, this is part of the regulatory requirements.
Other related concerns
In addition to the obvious phishing attacks, ransom attacks and DDoS attacks, the following are other related concerns for business leaders in the cyber security space.
Shortage of skilled cyber security professionals
A couple of months back, The New York Times reported a stunning statistic: there will be 3.5m unfilled cyber security jobs worldwide. And the trend is on the increase. The supply of field specialists is not keeping pace with the constant increase in demand. The expedited shift in the digitalisation of organisations, caused by the Covid-19 pandemic, had a direct impact on the disparity between demand and supply of cyber security jobs.
Over-reliance on third-party technologies
Third-party technologies often mean less capital expenditure and rapid deployment of systems (when compared to custom-built solutions). Some vendors are slow to release security fixes, and the time taken to roll out such patches can leave vulnerabilities exposed, which in turn poses a serious security threat to organisations. A RAID log of systems and applications should be kept to manage (and mitigate!) cyber risks and issues at all times.
Lack of knowledge and information
Lack of direction. Lack of awareness. Lack of understanding of cyber risks. Lack of ownership. Lack of commitment. Lack of communication. These are all triggers of, and contributors to, the problem of cyber risks due to human error. Attackers are increasingly targeting humans in organisations, to infiltrate and carry out their sophisticated (and malicious!) actions.
In general, it looks like little effort is being made to understand the value of cyber security and the cost that can emanate from attacks (in the form of fines, loss of business, legal disputes and more). Training is the obvious action here, but not the only way to counteract the human error aspect in the cyber security equation.
Be secure. Always be proactive and increase your organisation’s cyber resilience! Get in touch with one of our experts to safeguard your business and reputation.