Aon has released its 2019 Cyber Security Risk Report, which details the greatest cybersecurity threats industries are facing today.
“In 2018 we witnessed that a proactive approach to cyber preparation and planning paid off for the companies that invested in it, and in 2019, we anticipate the need for advanced planning will only further accelerate,” said J. Hogg, CEO of Cyber Solutions at Aon. “Leaders must work to better insulate their companies and their processes, while simultaneously identifying the ways they can benefit from the opportunities offered through technology and digital transformation.”
Hogg said that Aon’s report also highlighted the need for communication and collaboration across enterprises when dealing with cybersecurity issues.
“While it may seem counterintuitive when thinking about cybersecurity, collaboration within and across enterprises and industries can keep private data of companies and individuals alike safer,” Hogg said. “Working together can result in improved efforts to hunt bad actors, while also raising the bar and making all parties more prepared for the inevitable day when disruption does happen.”
The report focused on eight risk areas that companies may face in 2019. The risks illustrate that as companies transition to a digital-first approach, the number of entry points for cyber criminals is growing exponentially, Aon said.
Highlights from the report include:
- Technology: More widespread use of technology brings with it new vulnerabilities. Organizations will need to anticipate and manage these risks as they continue the digital transformation process, Aon said.
- Supply chain: Aon projected that two prevailing supply-chain trends would heighten cyber risk dramatically in 2019: The rapid expansion of operational data exposed to cyber criminals and companies’ growing reliance on third-party – and even fourth-party – vendors and service providers.
- Internet of Things: Every IoT device in a workplace presents a potential cybersecurity risk. Aon found that many companies did not securely manage or even inventory all IoT devices that touched their business – an oversight which has already resulted in cyber breaches.
- Business operations: While increased connectivity to the internet improves operational efficiency, it also leads to new security vulnerabilities, making it easier for cyber attackers to move laterally across entire networks. Aon said that companies needed to be better aware of, and prepared for, the cyber impact of increased connectivity.
- Employees: Employees remain one of the most common causes of cyber breaches, but most may not realize the danger they pose to their organization’s cybersecurity. It is imperative for organizations to establish a comprehensive risk-mitigation approach that includes strong data governance, clear communication of cybersecurity policies and effective access and data-protection controls.
- Mergers and acquisitions: M&A deal value is estimated to have topped $4 trillion in 2018. Unfortunately, M&A deals pose a dilemma for companies: While they may have strong cybersecurity controls in place, there is no guarantee that their M&A targets do. Dealmakers must incorporate specific cybersecurity policies into their M&A plans to ensure seamless transitions, Aon said.
- Regulation: The pace of cyber regulation increased last year, setting the stage for heightened compliance risk this year, Aon said
- Boards of directors: Cybersecurity oversight continues to be emphasized by boards of directors and officers, but Aon said that boards should continue to expand their focus and set a strong tone for the company – not only for actions taken after a cyber incident, but also proactive preparation and planning.