As more and more businesses become increasingly dependent on online services and technology, the added level of cyber risk is often overlooked. Most organizations tend to focus on data privacy issues; however, the possible impact of debilitating outages on day-to-day operations can be even more serious.
Cyber risk is bigger than ever and it’s getting worse
According to a recent Marsh report, problems caused by tech failures are now the leading cause of supply chain disruptions. The failures themselves can be caused by, for example, poorly implemented cloud solutions, infrastructure failures, cyber attacks, and natural disasters.
Recent examples include the Bluehost outage, which crippled thousands of businesses for two days, ranging from small blogs to SMEs and e-commerce services. It was the result of a botched software update. Last October, Hurricane Sandy knocked out multiple sites hosted in New York, including some relatively big ones. Contingency planning often can’t help in such situations.
Cyber attacks are even more prevalent. Banks all over the world have experienced numerous attacks in recent years. US banks were attacked on several occasions, bringing services to an abrupt halt, but so far most attacks have been limited to individual banks. However, a massive attack on the South Korean banking sector was reported earlier this year. It crippled several banks for hours and proved that large-scale attacks are possible, although it is believed that the attack was state-sponsored.
Cost and emerging threats
The direct cost of cyber risk due to IT failures is usually easy to estimate. The average business loses 545 man-hours each year, and a recent survey conducted by CA Technologies found that the cost of downtime is going up; last year it was estimated at $138,000 an hour, up from $98,000 per hour in 2010. The indirect costs of cyber risk can be even higher and more far-reaching. Businesses can lose revenue, reputation, and ultimately clients, especially if the outages are frequent.
Cyber attacks are also on the rise. They are more frequent, and they are getting more sophisticated. Distributed Denial-of-Service (DDoS) attacks are currently the weapon of choice for malicious organizations and individuals looking to disrupt IT services, and recent research indicates that the number of high-bandwidth DDoS attacks is growing.
The “consumerization” of IT has been a source of concern among IT professionals for years, along with the Bring Your Own Device (BYOD) trend. Consumer-grade equipment tends to be more vulnerable to attack and prone to failure, so implementing sound BYOD policies is vital. With more mobile devices being used for business, the risk of data theft or loss is going up as well. Cloud services and encryption can be used to mitigate this risk to some extent.
Perhaps the biggest long-term risk is the fact that small organizations are now relying on multiple online services for their everyday operation, yet they lack the resources and expertise to deal with outages.
Cyber insurance is evolving to meet new challenges
Cyber insurance coverage is evolving to cope with emerging threats; it’s no longer limited to data breaches and hacking attacks. As organizations tap more and more online services, cyber insurance policies are expanding to cover a broader range of failures and outages.
The way companies do business has changed dramatically over the last decade, and cyber insurance is no longer a niche product for tech companies and multinationals. With cyber risk here to stay, cyber insurance will continue to evolve alongside technology to encompass a multitude of new risks and services, and to mitigate risks posed by new technologies that are not even on the market right now.