Cyber Attacks: How to Rapidly Detect, Respond and Contain Damage
How can firms stay on top of cyber threats in an increasingly digitalized world?
Key Takeaways
- Cyber attack is one of the top five risks business leaders focus on most.
- Embracing risk is the only option, with prepared business leaders continuing to make long-term investments in long-tail risks.
- Business leaders are embracing counsel from both internal and external sources to mitigate cyber risk.
In the face of rising inflation and an ongoing energy crisis, leaders still recognize cyber attacks as one of the top five threats to their business. According to Aon’s Executive Risk Survey 2022, 40 percent of business leaders are focusing their efforts on managing cyber risk. Despite the urgent challenges this brings to the table, leaders are not pulling back on cyber preparedness.
Emerging Cyber Security Threats
As many as 83 percent of organizations have experienced more than one data breach in their lifetime,¹ averaging upwards of US $4 million in damages. Even sophisticated security measures are falling short and quickly becoming obsolete as attackers continue to adapt and evolve. Once a breach occurs, it can often remain undetected for long periods, taking an average of nine months² and causing significant damage in the meantime.
Threat #1: Social engineering attacks
Phishing, compromised business emails, third-party software vulnerabilities, and stolen or compromised credentials were the costliest cyber threats for businesses in 2022, totaling about US $20 billion and resulting in business interruption losses, infrastructure destabilization, private data leaks, theft of proprietary information, loss of reputation, and much more.
Threat #2: Evolving work models
Forbes³ estimates that by 2025, 70 percent of the workforce will be working at least five days a month remotely. Such rapid digital evolution of business models across all industries has made cyber risk a persistent threat to the ‘new normal.’
Threat #3: Interconnected risks across business ecosystems
Businesses are now exposed to rising interconnected risks not just from within an organization’s own network but also countless vulnerabilities in a complex ecosystem of physical and digital vendors, partners, supply chains, and even open-source code.
How to Embrace Risk and Build Cyber Resilience
Top business leaders know that now is not the time to slash cyber security budgets, with 69 percent of organizations planning to increase their cyber security spending.⁴ For 90 percent of well-prepared leaders, the current economic climate has increased their appetite for addressing risk.
Because vulnerabilities exist inside and outside an organization, fully addressing cyber risk requires an enterprise-wide, cross-functional approach that extends beyond its network perimeter. In addition to the Chief Information Officer and Chief Information Security Officer, cyber security should be the responsibility of executive-level and departmental leaders.
A strategic and integrated approach involves pre-defined roles and cross-functional communication across the organization, with the aim of building organizational resilience as opposed to preventing incidents. Strategies should encompass the following:
Cyber security and phishing training for all employees
Create a cyber secure culture where enterprise security is the responsibility of all technology users, and train employees to spot and report suspicious incidents.
Multifactor authentication and limited access controls
Add additional requirements to the login process to limit the damage of stolen credentials, segment the network to reduce the spread of malware, and limit access privileges.
IT security controls, software patching, detection tools
Ensure all systems are up to date, vulnerabilities are patched, detection tools and alerts are properly configured, and all activity is logged.
Involving incident response and functional experts
Hire professional cyber threat hunters trained to anticipate situation-specific threats and pre-arrange digital forensic experts, legal counsel, crisis communicators, and ransom negotiators.
Threat hunting, threat intelligence, and supply chain due diligence
Systematically hunt generic and targeted threats within the network, test third-party software, and monitor the deep and dark webs for threats and leaked assets.
Vulnerability testing and attack simulations
Stage simulated attacks using real-world breach techniques to evaluate the organization’s ability to prevent, detect, and respond to threats and use metrics to inform cyber security strategies and budgets.
Business continuity, disaster recovery planning, and third-party risk management
Regularly review and update incident response playbooks, business continuity plans, and disaster recovery plans, test response through realistic simulations, enforce third-party risk assessments and hold post-incident reviews.
430% increase in supply chain attacks in 2020 (Source: Office of the Hong Kong Government Chief Information Officer)
Cyber Resilience Strategy Must Work Hand-in-Hand With Risk Transfer and External Counsel
Even the best precautions can fail to keep attackers permanently at bay. Traditionally considered to have secure and protected systems, the financial sector has been particularly prone to cyber attacks in 2022, as seen in outages at ANZ bank in New Zealand⁵ and attacks on the Japanese cryptocurrency exchange Liquid.⁶ Globally, there were various high-profile incidents of bank theft using the SWIFT electronic payment messaging network. The Sunburst hack of 2020 also shows how a backdoor supply-chain attack compromised organizations with best-in-class cyber security practices. These included key US government agencies, Microsoft, Intel, cyber security firm FireEye, and more.
Because cyber attacks can never be fully circumvented, no cyber resilience strategy is complete without risk transfer. This involves assessing and quantifying the organization’s cyber risk exposure and tolerance and incorporating these into a long-term strategy. Appropriate cyber insurance coverage can then be obtained for areas such as indemnification for loss, liability, regulatory omissions, physical damage and more. This approach also reinforces the corporate risk management mindset and influences cyber security controls and best practices across the organization.
Another key differentiator in leaders’ quest for sustained cyber resilience is a willingness to engage a good external advisor or consultant to help make better decisions and address risk. Resisting the impulse to delay capital investment in response to short-term risks, well-prepared leaders are open to bringing in consultants to help strengthen an organization’s response to real-world threats.
Mitigating Cyber Risk
- Build a cyber resilience strategy
- Ensure appropriate cyber insurance coverage
- Partner with external advisors and consultants
Today’s business risks are interconnected, challenging leaders to respond to emerging threats with agility. Organizations can only head into uncertainty with confidence by addressing top risks such as cyber security.
For more information on cyber risks, download our 2022 Executive Risk Survey.
1 IBM’s 2022 Cost of a Data Breach Report
2 IBM’s 2022 Cost of a Data Breach Report
3 Forbes: This Is the Future of Remote Work In 2021
4 Infosec: 2022 cybersecurity spending trends: Where are organizations investing?
5 ZDNET: ANZ New Zealand back online after outage from DDoS attack
6 CNBC: More than $90 million in cryptocurrency stolen after a top Japanese exchange is hacked