Risk managers don't have to look far for examples of cyber attacks and the problems they cause. Last year was the worst year to date for data breaches as more than 740 million data files were illegally viewed or stolen from around the world, according to Data Breach Today.
The nature of cyber attacks is evolving. While “point-of-sale” attacks are old news, in today's connected world an attack on a cloud provider is the next type of global breach, according to Zurich.
Click through the slides to learn the seven aggregations of cyber risk, as outlined by Crawford & Co.
1. Internal IT enterprise
Risk associated with the cumulative set of an organization's IT.
Examples: Hardware, software, servers, and related people and processes
Related: Half-million servers exposed to 'Heartbleed' cyber threat
Counterparties and partners
Risk from dependence on, or direct interconnection (usually non-contractual) with an outside organization
Examples: University research partnerships, relationship between competing or cooperating banks, corporate joint ventues, industry associations
Related: M&A deals at risk from weak cyber due diligence
Outsourced and contract
Risk usually from a contractual relationship with external suppliers of services, HR, legal or IT and cloud providers.
Examples: IT and cloud providers, HR, legal, accounting and consultancy, contract manufacturing
Related: Remote workers pose increased threat to cyber security: 4 tips to manage risk
Supply chain
Both risks to supply chains for the IT sector and cyber risks to traditional supply chains and logistics
Examples: Exposure to a single country, counterfeit or tampered products, risks of disrupted supply chain
Related: Freight increasingly at risk for cyber crime
Disruptive technolgies
Risks from unseen effects of or disruptiosn either to or from new technologies, either those already existing by poorly understood or those due soon
Examples: Internet of things, smart grid, embedded medical devices, driverless cars, the largely automatic digital economy
Related: When the Internet of Things meets crime, it's a cyberastrophe'
Upstream infrastructure
Risks from disruptions to infrastructure relied on by economies and societies, especially electricity, financial systems and telecommunications
Examples: Internet exchange points and submarine cables, some key companies and protocols used to run the Internet, Internet governance
Related: Evaluating cyber risk for U.S. critical infrastructure assets
External shocks
Risks from incidents outside the system, outside of the control of most organizations and likely to cascade
Examples: Major international conflicts, malware pandemic
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.