A special guest post by Global Security Consultant and Political Risk Expert, Paul Crespo. This is the sixth post in the series.
With larger and costlier data breaches being reported every day, C-level executives are quickly coming to see cyber security not as a purely technical security issue but as a top business risk for global corporations.
Cybercrime and cyberspying are costing the US economy $100bn a year, and the global economy perhaps $300bn annually, according to a report by the Center for Strategic and International Studies (CSIS); and senior business executives are taking notice.
According to Lloyd’s (formerly Lloyd’s of London) 2013 Global Risk Index, based on a global survey of over 500 C-suite and board level executives, cyber security is now the third highest concern for international business, having jumped there from 12th place in 2012.
Cyber security now places just slightly lower than high taxation and loss of customers as the most worrisome risks facing international businesses today. Since customers also generally leave when organizations are breached, customer loss and cybercrime are closely linked, making two of the top three business risks cyber security-related.
Cyber Attacks Worse than a Natural Disaster
As for the potential damage to a company, a separate survey by the Experian Data Breach Resolution team and the Ponemon Institute found that 76% of corporate security professionals believe protecting against a cyber security breach is more important than, or at least as important as, safeguarding against a natural disaster, business interruption or fire. Cyber threats can devastate your international business as thoroughly as a tsunami.
Biggest Cyber Threats
While there are numerous internet security threats targeting international businesses, the most common and dangerous generally include the following three threats:
- Cyber Social Engineering – online intrusions that rely heavily on human interaction and involve tricking trusted employees into breaking normal security procedures, usually via fake “phishing” emails, in order to penetrate networks.
- Advanced Persistent Threats (APT) – sophisticated network attacks where an intruder gains access to a network, often through social engineering, and stays there undetected over time in order to steal large amounts of valuable data.
- Human Error. A recent Ponemon Institute study found that human errors and system problems, such as mishandling confidential data, lack of system controls, and violations of industry and government regulations, accounted for 64% of data breaches globally.
Cyber security needs to be front and center in all corporate security programs, and training employees across the entire enterprise in basic internet security protocols should be a key element of any program. Security professionals should also prominently include the impact of a major cyber attack and data loss in their crisis management plans.
Paul Crespo is a global security and political risk expert. A Senior Consultant with Trident Crisis Management Group, he has appeared on Fox News, CNN and other major TV news venues. He has varied experience in corporate security, kidnap and ransom negotiations, intelligence and diplomacy, as well as military operations in hotspots from the Balkans to the Persian Gulf. A former officer in the US Marine Corps, he was also assigned to the Defense Intelligence Agency (DIA) as a military attaché and posted to several US embassies overseas. Paul graduated from the Georgetown University School of Foreign Service, and has a Master's degree in War Studies from King's College, University of London, and a Master's degree in International Relations from Cambridge University in the UK. Paul Crespo can be reached at firstname.lastname@example.org