Cyber’s threatening advance

Cyber security is essential as the scale and sophistication of risks will likely only grow.

It is that one topic that just won’t go away. To quote Richard Samans, a member of the Managing Board, World Economic Forum, cyber is rapidly emerging as a major headache in boardrooms across the globe and it is firmly on the agenda for next week’s Davos gathering of world leaders.

Speaking at the launch of the World Economic Forum′s Global Risks 2018 Report in London on Wednesday, John Drzik, president of Global Risk and Digital, Marsh, explained that cyber is an area where the threads in the global risk environment come together and the scale and sophistication of risks is going to grow. This, he said, is fuelled in part by geopolitical trends – more state-sponsored attacks could add to those that are financially motivated.

To add to the threat of an increasing suite of attackers – cyber exposure is growing in companies due to the proliferation of interconnected devices. There are currently 8.4 billion such devices out there – an amount that is already greater than the global population of 7.6 billion – and this number is projected to grow to 20 billion by 2020. This widens that attack surface area for companies, Drzik said, and the use of artificial intelligence and other emerging technologies is also leading to greater cyber exposure.

Governments and businesses must increase the amount of investment in cyber risk management, he told the London event. Even though the cyber risk has become more visible, it is still under-resourced in the amount of effort being put into risk mitigation, even though attacks can be very costly.

Drzik compared the economic cost of damages for extreme weather and natural catastrophes and those from a cyber breach, with the economic costs of an attacker taking down a major cloud provider estimated at between USD50 billion to USD120 billion – akin to a Hurricane Sandy or Katrina event.

The aggregate cost of cyber is now estimated via a number of sources at a trillion dollars in economic cost per year, he said, whereas the economic losses from 2017’s record year for natural catastrophes was USD300 billion. Cyber is above the scale of natural catastrophes and yet infrastructure against it is smaller in scale, he explained. You just need to look at the government agencies and voluntary organisations that focus on responding to natural catastrophes and compare those that focus on cyber.

National cyber agencies are much less resourced. They have some capacity but not enough to deal with what is a significantly growing risk, he stressed. Furthermore, most businesses in natural catastrophe zones have very detailed business continuity plans to respond to that type of emergency, Drzik added, whereas only about one-third of companies have a cyber incident response plan to respond to a major attack.

It should be clear to all that this is a problem that isn’t going to go away. However, should you require more convincing, some of the data in the WEF’s Global Risks 2018 Report are sobering. Cyber breaches recorded by businesses have almost doubled in five years, from 68 per business in 2012 to 130 per business in 2017 and in 2016 alone, 357 million new malware variants were released and “banking trojans” designed to steal account login details could be purchased for as little as USD500.

Furthermore, according to the 2018 risk outlook, the financial costs of cyber attacks are rising. A 2017 study of 254 companies across seven countries put the annual cost of responding to cyber attacks at GBP11.7 million per company, a year-on-year increase of 27.4%. The cost of cyber crime to businesses over the next five years is expected to be USD8 trillion.

This is scary stuff. Shipping was subject to a significant wake-up following the Not-Petya attack on Maersk last June. There is no question about there being more attacks. The focus will be on the industry’s ability to respond to them.