Zurich Insurance Group and the Atlantic Council released theirlatest report, "Beyonddata breaches: global interconnections of cyber risk,"outlining how interdependencies among sectors can lead to cascadingcyber shocks.
|Over the last several years, the Internet and associatedinformation technology have fostered the growth of businessesaround the world. The way we conduct business has transformed, butdependence on the Internet also has a dark side.
|"As society becomes more technologic, even the mundane comes todepend on distant digital perfection," said internet risk expertDan Greer.
|Unfortunately, modern cyber risk management does not give muchthought to "distant digital perfection," and the aggregations ofcyber risk, which sometimes can lie far outside an organization'sown server and firewalls.
|It has become much easier to attack than combatcybercriminals. The report suggests that the internet of tomorrowwill almost certainly be less resilient, available and robust thanit is today, and it will be more likely to initiate and cascadeglobal shocks.
|Risk managers, regulators and organizations with system-wideresponsibility should focus on resilience and agility rather thanprevention, the report suggests. With the interconnectedness ofglobal business, combined with Internet dependency, risks canstrike quickly and from any direction. Many businesses are leftvulnerable.
|Zurich provides recommendations for individual organizations inthe report to better prepare and react to cyber hazards. However,the report indicates that organizations create comprehensive,customized plans for handling cyber risks.
|Recommendations for individual organizations include:
|Basic: regardless of the size of theorganization, there is a relatively small set of actions to protectfrom the most cyber risk:
- Provide application whitelisting
- Use standard secure system configurations
- Patch application software within 48 hours
- Reduce the number of users with administrative privileges
Advanced: larger, more sophisticatedorganizations should certainly implement the 20 Critical SecurityControls, but they also have the capability to engage in far moreadvanced cyber risk management.
- Push out risk horizon
- Cyber insurance
- Demand more resilient and secure standards and products
- More effective board-level risk management
Resilience: for all organizations, and in someways, perhaps the most effective.
- Redundancy
- Incident response and business continuity planning
- Scenario planning and exercises
Zurich and the Atlantic Council's report, "Beyond databreaches: global interconnections of cyber risk," is aculmination of a yearlong study regarding interrelated cyberhazards and underlying risks.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
- Educational webcasts, resources from industry leaders, and informative newsletters.
- Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
