Aon predicts the expanding “attack surface” is the biggest cyber risk in 2019
Sydney, 14 February - 2019 Cyber Security Risk Report released today reveals the top 8 risks facing Aussie organisations
The report, which details the greatest cyber security threats and challenges organisations are currently facing, has found that the greatest challenge is simply keeping up with and staying informed about the evolving cyber risk landscape.
Michael Parrant, national practice lead for cyber insurance at Aon said, “The rapid enhancements and pace of technological adoption, has meant that the number of touch-points within a business that cyber criminals can target is growing exponentially.
“We believe the future of cyber risk management must be proactive, oriented around sharing threat intelligence, and collaborating within and across enterprises and industries; ceaselessly hunting for bad actors; and raising the bar on preparedness for the inevitable day when a strike does come.”
Last year provided some salutary lessons in data security with Facebook, Fitbit and Google making headlines. Mr Parrant added, “Over the last few years we have seen a steady increase in regulatory oversight. The EU’s General Data Protection Regulation came into full force, and Australia’s own Notifiable Data Breach regulation has provided an increased financial and reputational motivation for local organisations to take action.”
The Aon report now points to the way ahead, with the need for 2019 to become the year in which companies and organisations recognise the pitfalls as well as the profits to be made through digital transformation.
The “What’s Now and What’s Next Report” highlights eight areas on which Australian companies should focus in order to recognise and mitigate their cyber security risks.
Technology. As integrated technologies such as ‘X-as-a-service’ (XaaS) and ‘Infrastructure-as-a-service’ (IaaS) continue to transform bricks-and-mortar industries, it is important that each assesses its own unique exposures rather than try and adopt an off-the-shelf strategy to manage and mitigate risks.
Supply chain. As cloud-based services and sharing become more common, extending to sharing data between companies and their suppliers, it is important that due diligence is carried out by the lead organisation to ensure the risk of third part cyber security failures are minimised.
Internet of Things (IoT). The pace of adoption of IoT devices in Australia continues to accelerate and is likely to pick up even more as the 5G mobile standard becomes commonplace. However, the 5G network will not improve security. It brings about its own challenges - more devices connected means much higher volumes of data to manage and secure. Future, AI-enabled security measures will prove invaluable in tracking, isolating and securing organisations’ data networks.
Business operations. A significant proportion of Australian industrial infrastructure is aging and unable to withstand the sophistication of today’s malware attacks. As firms expand their IT and OT presence and become more connected, they are creating greater points of attack for malicious agents. It will be important for companies to fully audit all their IT and OT assets and, where possible, fully separate the two.
Employees. An organisation’s staff - at all levels - remain one of the most common causes of security breaches, whether accidental or intentional. Firms are held accountable for the actions of their employees, and therefore it is vital that they develop stringent controls over internal access to and control of the data they are collecting.
Mergers & Acquisitions. Globally M&A deal values are predicted to top US$4 trillion in 2019, which offers an indication of the size and speed of the market. Australian firms are likely to be exposed to such moves. It is vital that the appropriate cyber due diligence be done when companies undertake the process of acquiring others if they want to ensure seamless transitions in the future.
Regulatory. Australian companies are increasingly competing in a global marketplace, multiplying their exposure and risk compared to solely domestic operations. And, as high profile and substantial fines last year have shown, regulators are no longer willing to give up the chase at the border. Australian firms need to be informed and compliant with a raft of regulations in whichever market they are operating in.
Board of Directors. The Buck Stops Here is still an important truth in terms of Directors & Officers when it comes to ensuring the data security practices and regulatory compliance of Australian companies. Gratifyingly cyber security is increasingly understood and acted upon at board level but more leading from the top is required.
Learn more about the risks included in Aon’s 2019 Cyber Security Risk Report. To learn more about the solutions offered by Aon, please also visit aon.com.au/cyber.
About Aon
Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.