28.05.2024

Is Cyber Security Top of Your Agenda?

The Allianz Risk Barometer 2024 lists cyber incidents as a major risk for businesses with over 36% of respondents ranking it as their top concern. Despite cyber incidents being on the rise for many years, this is the first time it has topped the ranking on the risk barometer.

It can be hard to balance our increasing reliance on technology against the growing threats online. So, it’s time to ask, is the cyber security of your business top of your agenda? How prepared are you for a cyber incident?

What is a cyber incident?

A cyber incident is anything that successfully breaches your online security to access your digital systems, networks, or services. This could be a ransomware attack, a data breach, or IT disruptions. Our online systems, processes, and security are becoming ever-more sophisticated but as they evolve so too do the methods that hackers will use to target them.

What is the risk of a cyber threat?

The Allianz Risk Barometer lists the top 10 global business risks. For 2024 the top ten risks are ranked as:

Cyber incidents – 36%

Business interruption – 31%

Natural Catastrophes – 26%

Changes in legislation and regulation – 19%

Macroeconomic developments – 19%

Fire, explosions – 19%

Climate change – 18%

Political risks and violence – 14%

Market developments – 13%

Shortage of skilled workforce – 12%

The 2024 list sees cyber incidents ranked top for the first time, unsurprisingly, as 2023 saw a worrying increase in ransomware and extortion losses. And it’s not just large organisations that are at risk. Companies of all sizes have seen an increase in cyber threats and across a wide range of industries.

Ransomware activity surged by 50% compared to the previous year during the first half of 2023, and the speed of attacks has increased too. The average number of days it takes to carry out an attack has fallen from 60 days in 2019 to just 4.

The rise of AI has brought many benefits to organisations but can also potentially increase the number of likely attacks. Generative AI can enable previously less competent hackers to create new strains and variations in ransomware more easily and deepfake video technology, which can be used for phishing schemes, is becoming much more accessible and affordable online.

What is the impact of a cyber incident?

Data breaches are shown as the biggest concern from a cyber attack for organisations (59%), closely followed by attacks on infrastructure and physical assets (53%) and increase in malware/ransom attacks (53%). Disruption from failure of digital supply claims, cloud/service platforms (26%) was also an area of concern.

The impact of a cyber incident can vary widely from financial loss, business disruption, and reputational harm to breaches of contract and/or legal obligations. For example, loss of data could be found to be a General Data Protection Regulation (GDPR) breach and could result in a fine. Whilst loss of income may hit businesses hard, it is often the reputational damage, causing a lack of trust with consumers, which can be especially hard for firms to recover from.

Technology: risk versus reward

As the world becomes increasingly digital, it shouldn’t come as a surprise that the online risks increase with that. But that’s not a reason to shy away from benefiting from technology that can support and improve our systems and processes.

The answer really lies in making sure we invest in the right technology and educate ourselves on how we need to protect our businesses online and what systems and processes should be in place should we find ourselves dealing with a cyber incident. Anyone who has worked in an office will be familiar with regular fire drills that take place. This ensures that everyone in the building knows the measures that are there to keep us safe and what should happen if there is a real fire.

But how often do we run cyber drills? Is everyone in your organisation aware of the risks? Do your staff know what to do to avoid or deal with a cyber incident? If the answer to these questions is “no”, then cyber security needs to be at the top of your agenda. We can’t ever guarantee that our business won’t come under cyber attack, but we can put measures in place to protect ourselves and ensure that we deal with an attack in a way that minimises any further harm.

This even extends to the businesses we partner with. When we purchase technology do we understand what security measures they have in place? Do they have protocol for cyber incidents?

 

It’s clear that businesses are starting to recognise the threat that cyber incidents pose. Balancing this against making better use of technology can pose a major dilemma for firms. Which is why it’s important that we understand not only the risks but how we can also mitigate against them.

For more information on how cyber security can impact on SMCR please read our earlier blog post – Why is Cyber Security Important for SMCR? Find out more about how PeopleClear SMCR can help you to securely manage your SMCR compliance.