Many companies are unknowingly vulnerable to data leakage, phishing attacks, trojans or advanced persistent threats, according to a new report from Lloyd's and technology company HP.
Digital risk management must be a board-level concern for business as the range, frequency and scale of cyber attacks increase, said the report, "Managing digital risks: trends, issues and implications for business."
The report warns that as businesses become more reliant on technology, they will face more complex and damaging digital attacks as sophisticated attackers quickly adapt their methods to steal from, disrupt and spy on businesses.
Lloyd's Chairman Lord Peter Levene said in a statement: "A discussion of digital risks should be on the agenda of board meetings everywhere as cyber attacks become more frequent, more creative and more disruptive. Cybercrime is an international business aided by those countries without the legislative framework to tackle it."
While most of the digital risks that companies face, such as extortion and stolen information, are similar to risks they have always known, technology has increased the speed at which these risks can occur and amplified their impact, the report said.
Lord Levene said in a foreword to the report that "attacks on companies in one country can emanate from the other side of the world, while some countries are effectively 'cyber sanctuaries,' where criminals can operate free from cybercrime legislation."
The study points out that as part of the overall digital risk management strategy, companies should consider the growing number of cyber-risk insurance products and solutions that can transfer these risks to third parties. Although difficult to measure, the current market for cyber insurance is estimated to be about $600 million, a 16-25 percent increase from 2009.
Most digital risk mitigation typically happens within the IT department. However, risk managers, technology experts and other stakeholders need to be more involved in the process in order to bring broader business perspectives to the decisions that are made.
Prith Banerjee, senior vice president of research at HP and director of HP Labs, said the real challenge for risk managers "is to determine how to effectively monitor digital risks in order to decide how seriously they should be considered."
Specifically, for risk managers, the report recommends:
o Setting up a working group of technology experts and key stakeholders across the business to monitor and review business risk exposure.
o Becoming more involved in IT governance and strategy.
o Ensuring applicable standards are used to manage digital risks.
o Considering risk transfer solutions as part of an overall digital risk management strategy.