Latin America. Recently Rubén Barrera, Director of Damage Technician and Special Lines of Aon Mexico, said that we live in a period of unprecedented technological change. Resistance to these changes is increasingly imperative. By 2020, tens of billions of devices are expected to be connected to the Internet of Things (IoT).
But new technology means new risks. What if someone hacks a car? Or a power plant? In the same way, the financial losses caused by data breaches will likely reach trillions of dollars.
There are also positive opportunities. 4.2 billion people are expected to be online by 2020, or 54.5% of the world's population, exchanging and sharing goods and information.
Risk management and recovery efforts will be increasingly out of place in such a digitized world. Being more resilient in this era of continuous digital disruption increasingly means understanding the full scope of cyber-government responsibilities. This means starting with a top-down approach to risk management at the managerial and executive level, identifying and protecting the organization's most critical assets and understanding the impact on the company, if they are compromised at all.
It also means complying with international regulations; understand blind spots within organizational ones; adapt to the latest security techniques and trends and be prepared to respond in the event of a failure in any of these areas.
Cybersecurity cannot be approached in a piecemeal way, but must be considered holistically, as a challenge faced by the entire organization. There are two key areas to consider: The regulatory environment and organizational culture. If leaders want to take full advantage of new technology, they can't just think about that technology: they need to consider the business context in which that technology operates and the impact and risk exposure it can cause to the organization.
Companies also need to make sure that their C-Suite and their cyber teams are speaking the same language – this seems straightforward, but what might seem rudimentary to a cyber specialist may be too technical for a C-level executive.
Here are cybersecurity tips for leaders to keep in mind when operating in today's digital, connected, and regulated world.
1. Identify your critical assets. Organizations need to identify their most critical assets and have alignment with the board and executive team down to the people who are responsible for protecting them. Organizations must assess what data is critical, where it is stored, how it flows through the organization, and who really needs access to it. This could include customer data and intellectual property that could be stolen, or operational and manufacturing technology that could be sabotaged. This can help serve as the foundation for any organization as they develop, test, and validate their security program.
2. Conduct a comprehensive risk assessment. Once alignment on critical assets has been established from the top down it will be easier, to identify vulnerabilities and assess cyber readiness. Organizations should review cybersecurity deficiencies and vulnerabilities in all key areas of the enterprise, including business practices, information technology, IT users, security governance, and the physical security of information assets. The risk could also manifest as losses due to business interruption or reputational damage.
3. Take a holistic approach to cybersecurity. Mitigating cyber risk isn't just an issue for tech teams. The scope of risk means that protection against attacks must involve key players across all business functions and entities. Educating employees and leaders at all levels on the risk scale, and putting interim crisis plans in place will help build a truly cyber organization.
4. Keep your defenses sharp. A secure environment requires continuous validation and can become vulnerable in an instant. Deploy techniques such as pen test or red clustering exercises to ensure your applications, networks, and endpoints are not vulnerable.
Ensuring that an organization can address risks effectively means ensuring that the nature and scale of those risks is effectively communicated.
Aon Mexico helps clients identify, address and respond to their unique cyber risks. Our solutions framework broadens the typical scope to address cyber risk and our services go beyond risk transfer: engagement with our clients for pre-breach planning and incident response services; identify and quantify the unique risks they face; assist in the selection and implementation of appropriate solutions for risk transfer and ensure continuity of operations through claims consultation.
Cyber risk is not static, and as such our framework serves as a tool for holistic cyber risk management.
