Cyber Risk Handbook 2015
Cyber risk is an escalating threat and one of the most challenging issues facing the world today. Attacks are becoming more frequent, more intense and more sophisticated. Motivations are wide-ranging – from financial gain to threatening critical infrastructure and national security – and the nature of attacks is constantly changing. With cyber risk, there is an active adversary, so defenses need to be increasingly sophisticated to keep pace.
The cost to businesses is rising sharply. Economic harm resulting from a cyberattack can take many forms, including loss of intellectual property, business interruption, property damage, direct financial loss, and reputation damage. Given this potential risk of loss, companies are spending extensively on cybersecurity technology and services to help mitigate the risk and buying cyber insurance to transfer some of the risk. The total economic impact of cyber, combining operating costs and risk of loss, is substantial and growing.
Cyber risk is not just an IT issue. It is a Board-level governance issue which requires the engagement of the full executive leadership team to address. Effectively managing cyber risk today extends far beyond building better technology defenses. It requires a comprehensive, multidimensional approach that looks at people, processes, and vendors – and includes response and recovery plans in addition to prevention tactics. Companies should anticipate that they will experience cyberattacks, and ensure plans are in place to consider not only an effective technology response but also messages to stakeholders, alternative supply routes, and other factors that will depend on the attack scenario. On a continuing basis, companies will need to invest in training, stress testing, and evolving their response strategies.
With all that in mind, we’ve compiled the Cyber Risk Handbook 2015: Perspectives on Prevention, Preparation & Response. The report provides insight and perspective on the challenges stemming from cyber risk, as well as ideas on how to approach cyber risk assessment and management. The compendium includes articles, report extracts, and perspectives from business leaders across Marsh & McLennan Companies as well as outside experts with whom we collaborate. It examines the full spectrum of cyber risk from a macro to a micro level and includes such topics as evolving cyber regulation, the value of sharing threat information, the role of the board, developments in insurance markets, cybersecurity talent challenges, and implementing effective response plans.
Cyber risk is a race without a finish line. We hope this publication will help connect the dots on some of the essential elements of this dynamic issue, as well as increase awareness and understanding of how to approach this significant and persistent threat.