KNOW YOUR CYBER RISKS
A report by the
Zurich Insurance Group and Atlantic Council highlights 7 different ‘aggregations’ of cyber risk – how many are your clients vulnerable to?
1. Internal IT Enterprise
The risk: The cumulative set of an organization’s (mostly internal) IT
Examples: hardware, software, servers, and related people and processes
2. Counterparties and partners
The risk: Dependence on or direct interconnection (usually non-contractual) with an outside organization
Examples: University research partnerships, relationship between competing/cooperating banks, corporate joint ventures, industry associations
3. Outsourced and contract
The risk: A contractual relationship with external suppliers of services, HR, legal or IT
Examples: IT and cloud providers; HR, legal and accounting consultancy; contract manufacturing
4. Supply chain
The risk: Traditional supply chains and logistics, plus supply chains for the IT sector
Examples: Exposure to a single country, counterfeit or tampered products, risks of disrupted supply chain
5. Disruptive technologies
The risk: Unseen effects of or disruptions either to or from new technologies – either those that already exist but are poorly understood, or those due soon
Examples: Internet of Things, smart grid, embedded medical devices, driverless cars, the largely automatic digital economy
6. Upstream infrastructure
The risk: Disruptions to infrastructure relied on by economies and societies, especially electricity, financial systems and telecommunications
Examples: Infrastructure like internet exchange points and submarine cables, some key companies and protocols used to run the internet (BGP and Domain Name
System; internet governance)
7. External shocks
The risk: Incidents outside the system, outside of the control of most organizations and likely to cascade
Examples: Major international conflicts, malware pandemic
