The latest major data breach to hit big business has seen hackers stealing the personal data of 1.3 million customers of French telephone company Orange, which has been attacked twice in three months.
The cyber crims acquired names, email addresses, mobile and fixed line numbers, names of mobile and internet operators and the dates of birth of current and potential customers.
While breaches of this size are big news, a UK survey has found that only 30% of breaches ever make it to the media, meaning what we hear about is just the tip of the iceberg.
Following the news last week that Target CEO Gregg Steinhafel quit his position in the wake of the devastating breach on the US retail giant last December, there are no doubt many CEOs suffering sleepless nights over the potential damage data breaches can cause.
Analysts are predicting businesses around the world will spend a combined US$30 billion this year on cybersecurity, and industry experts are saying now is the time to act so that, if a breach does occur, company bosses can show their board of directors it’s not because of a lack of resources devoted to data security.
Indeed, failure to act could prompt a global shock similar to the 2008 financial crisis, according to a new report published by Zurich in collaboration with international think tank the Atlantic Council.
The report, Beyond Data Breaches: Global Interconnections of Cyber Risk, reveals that even cyber professionals are not clear on how the failure of an organisation or of technology could develop to become a system-wide risk.
Zurich national underwriting manager, professional indemnity – financial lines, James Stringer, says the reliance on information technology in this day and age has created a complex web of interconnected risks.
“Cyber-risk management professionals need to look beyond their internal information technology safeguards to interconnected risks which can build up relating to counterparties, outsourced suppliers, supply chains, disruptive technologies, upstream infrastructure and external shocks,” says Stringer.
The report found that a build-up of these risks could create a failure on a similar scale to the 2008 financial crisis.
These interconnected risks are compounded when a company outsources the management of its servers, information technology and cyber security to focus on its core activities.
Little information may be known about the third party’s information security or business continuity safeguards and it may also in turn outsource activities to other companies.
The report calls for organisations to incorporate the best ideas from financial governance such as creating a G20+20 Cyber Stability Board to enhance cyber risk management and identifying and improving the governance of G-SIIOs (Global Significantly Important Internet Organisations).
“Few people truly understand their own computers or the internet, or the cloud to which they connect, just as few truly understood the financial system as a whole or the parts to which they are most directly exposed,” said Stringer.
“The result means that a significant chain of disruptions to an interconnected system could bring it all crashing down. Companies need to build resilience and the ability to bounce back from disruptions to make them as short and limited as possible.”