Latin America. Living in a period of unprecedented technological change, building resilience to these changes is increasingly imperative. By 2020, tens of billions of devices are expected to be connected to the Internet of Things (IoT) but new technology means: new risks.
What if someone hacks a car or power plant? For the same reason, the financial losses incurred through data breaches are likely to reach trillions of dollars.
Building resilient companies that can provide solutions and adapt to these new challenges will be an important task in the coming years. Siloed risk management and recovery efforts will be increasingly out of place in such a digitized world.
To be more resilient in this era of continued digital disruption, it is increasingly important to understand the full scope of cyber responsibilities. This means starting with a top-down approach to risk management at the board level, identifying and protecting the organization's most critical assets and understanding the impact to the company should they be compromised; comply with international regulations; understand the organization's blind spots; adapt to the latest techniques and trends in security; and be prepared to respond in the event of a failure in any of these areas.
Companies should also make sure that their C-Suite and their cyber teams are speaking in the same language, this seems straightforward, but what may seem rudimentary to a cyber specialist, may be too technical for a senior executive.
Cybersecurity cannot be addressed in a fragmented way, but must be considered in a comprehensive way, as a challenge faced by the entire organization, for this reason Aon, a world leader in professional services that offers a wide range of risk, retirement and health solutions, we share a series of strategies that can help organizations prevent cyber risk.
1. Identify your critical assets. Organizations need to identify their most important assets and align the executive team with the people responsible for protecting them. Organizations must assess what data is critical, where it is stored, how it flows in the organization, and who really needs to access it. This could include customer data and intellectual property that could be stolen, or operational and manufacturing technology that could be sabotaged. This can help serve as a foundation for any organization as they develop, test, and validate their security program.
2. Conduct a comprehensive risk assessment. Once alignment of critical assets from the top down has been established, it will be easier to identify vulnerabilities and assess cyber readiness. Organizations should review cybersecurity deficiencies and vulnerabilities in all key business areas, including business practices, information technology, IT users, security standards, and the physical security of information assets. Risk could also manifest as losses due to business interruption or reputational damage.
3. Adopt a comprehensive approach to cyber standards. Cyber risk mitigation isn't just an issue for technology teams. The scope of risk means that protection against attacks must involve key actors across all functions and entities of the company. Educating employees and leaders at all levels on the risk scale, and establishing interim crisis plans will help build a truly cyber-resilient organization.
4. Keep your defenses sharp. A secure environment requires constant validation and can become vulnerable in an instant. It is recommended that companies implement techniques such as attack tests to computer systems with the intention of finding security weaknesses and ensuring that their applications, networks and endpoints are not vulnerable.
Addressing ever-changing cyber threats could be a complex task, especially because of the challenges of ensuring sufficient levels of technical knowledge, at Aon we help clients identify, address and respond to their cyber risks for pre-planning and responding to each incident; identify and quantify risks and ensure continuity of operations through claims consultation.
