Zurich Insurance Group and the international think tank, Atlantic Council, have released new risk-management specific insights—including recommendations—from their pioneering new report on cyber risk, shocks and resilience. As the Internet increasingly connects with real life and permeates all facets of society, it can be a source of global shocks for which risk managers, corporate executives, board directors and government officials might not be prepared.
The industry specific insights from a recent news conference—held at the RIMS 2014 annual conference and exhibition for risk managers—will help to prepare risk managers to address these cyber shocks of tomorrow and become more resilient and possibly prevent what could be called a cyber sub-prime meltdown.
“To help protect the integrity and reliability of cyberspace and the bottom line for businesses, governments, the private sector and civil society must work closely together,” said Dan Riordan, CEO Zurich Global Corporate North America. “We need a clear plan of what to do in the case of an event – both at the individual company level and also holistically and hopefully this report becomes a catalyst for developing such a plan.”
Recommendations for managing risk include some combination of the following actions depending on their sector-specific factors.
• Shifting from protection to resilience
• Improving basic cyber security
• Embracing new technology but carefully managing the risks
• Implementing incident response and business continuity planning
• Focusing on interconnection risks
• Pushing out the risk horizon and looking beyond their four walls
• Practicing board level risk management
The report, “Risk Nexus: Beyond Data Breaches: Global Interconnections of Cyber Risk” is the result of a year-long study by the Atlantic Council and Zurich on interrelated cyber hazards and underlying risks and was designed to better prepare governments and businesses for the cyber shocks of the future.
As the Internet increasingly connects with real life and permeates all facets of society, cyber attacks can affect interdependent systems like electrical grids and global logistics systems. Through a combination of stable technology and dedicated technicians, the Internet has been resilient to attacks on a day-to-day basis, creating an extended period of reliability. Yet, as we approach nearly absolute dependence on the Internet, cyber attacks of the future can and will affect globally interconnected systems.
“The recent Heartbleed vulnerability demonstrates the main message of the report,” according to report author Jason Healey, who serves as director of the Atlantic Council’s Cyber Statecraft Initiative. “The Internet is so complex and tightly coupled to the real world, it turns out we were all gravely exposed to a cyber risk in an obscure technology that few understand and we didn’t see coming. This time it was just passwords, but what happens once the internet is connected to the electrical grid or driverless cars?”