{"id":25409,"date":"2019-03-26T15:03:15","date_gmt":"2019-03-26T13:03:15","guid":{"rendered":"https:\/\/www.getsmarter.com\/blog\/?p=25409"},"modified":"2025-08-22T12:48:48","modified_gmt":"2025-08-22T10:48:48","slug":"an-ongoing-project-a-cyber-risk-mitigation-strategy","status":"publish","type":"post","link":"https:\/\/www.getsmarter.com\/blog\/an-ongoing-project-a-cyber-risk-mitigation-strategy\/","title":{"rendered":"An Ongoing Project: A Cyber Risk Mitigation Strategy"},"content":{"rendered":"\n

Why do business owners and stakeholders consider cybersecurity risk prevention to be a top priority above other operations?1<\/sup> A number of high profile data breaches in recent years, including the likes of British Airways and Facebook,2<\/sup> are proving that no one is safe from cyber attacks. With cybercrime damage costs expected to reach $6 trillion annually by 2021,3<\/sup> businesses of all sizes are rapidly taking countermeasures to contain risks through the implementation of cybersecurity strategies.<\/p>\n\n\n\n

The true cost of a cyber attack<\/h2>\n\n\n\n

The damage of cybercrime can depend greatly on how resilient a company is and what cybersecurity strategy they have set in place.<\/p>\n\n\n\n

According to a study conducted by Ponemon Institute, the average cost of a successful cyber attack<\/a> to an organisation can be as much as $5 million, or $301 per employee.4<\/sup> But dollars lost only accounts for the direct cost of a breach. The true costs can cut even deeper and some businesses never fully recover from a cyber attack.<\/p>\n\n\n\n

Here are four factors that influence the indirect costs of a breach:<\/p>\n\n\n\n

    \n
  1. Data loss<\/strong>
    According to recently collected data on cybersecurity, approximately 2.6 billion records were stolen, lost or exposed worldwide in 2017.5<\/sup> The loss of this information racks up much larger bills than just the initial data recovery, leading to potential fines, penalties, and litigation for a business.<\/li>\n
  2. Investor perception<\/strong>
    Once a breach happens, a sudden drop in a company\u2019s perceived value is likely to follow. Negative media coverage can fuel the \u201csell now\u201d groupthink, which could be the final nail in the coffin if your business is unable to stay afloat in the wake of an attack. This is especially true for smaller companies that don\u2019t have the infrastructure.6<\/sup><\/li>\n\n\"average\n\"average\n \n\n
  3. Reputation<\/strong>
    Companies don\u2019t only lose current customers following a cyber attack; a damaged brand reputation means they also lose the potential to gain new ones down the road. A company\u2019s brand is linked to all aspects of business, including growth and revenue. In fact, 85% of U.S. consumers are loyal to brands that safeguard and protect their personal information,7<\/sup> meaning a data breach can have serious implications for the future of your business.<\/li>\n
  4. Operational cost<\/strong>
    On top of loss of data, cybercriminals will sometimes focus their efforts on taking down a business\u2019 online operations through DDOS attacks, which can lead to loss of customers, and ultimately money.8<\/sup> This risk, in particular, is one that requires strategic resilience planning to overcome.<\/li>\n<\/ol>\n\n\n\n

    Mitigating attacks through cyber risk management<\/h2>\n\n\n\n

    There are many ways an organisation can be deemed to be cyber resilient, but an important indicator is a deep understanding of cyber risk. This means going above and beyond IT considerations, by implementing cyber risk management into your overall business strategy.9<\/sup><\/p>\n\n\n\n

    Organisations that have traditionally viewed cybersecurity as separate from other risks are now starting to see the bigger picture. Lori Bailey, Global Head of Cyber Risk at Zurich Insurance, says, \u201cThe goal should be to develop resilience and protection, because as cyber risks accumulate it becomes more difficult to anticipate them all.\u201d10<\/sup><\/p>\n\n\n\n

    To manage risk, a company needs to assess the likelihood and potential effects of a cyber attack and then determine the best way of dealing with them. Not all risks can be entirely avoided, and no organisation has an unlimited budget or enough staff to completely secure their network. Instead, risk management is about handling the effects of uncertainty in a way that makes the most sense through an effective use of resources.<\/p>\n\n\n\n

    The goal should be to develop resilience and protection, because as cyber risks accumulate it becomes more difficult to anticipate them all.<\/p><\/blockquote><\/figure>\n\n\n\n

    Business leaders and security operations managers need to ensure they are working together to make the right decisions in different areas of the business in order to be successful. Keeping track of cybersecurity is no longer just an IT function. With the threat of cyber attacks becoming increasingly damaging to business operations, it\u2019s the responsibility of all departments to be vigilant.<\/p>\n\n\n

    \n \n \n \n \"\"\n <\/picture>\n <\/div>\n\n\n

    Creating a cybersecurity culture<\/h2>\n\n\n\n

    One of the most vulnerable areas for any organisation is its employees. According to IBM\u2018s annual X-Force Threat Intelligence Index 2018, human negligence remains the leading cause of data breaches, accounting for two-thirds of all the records compromised in 2017.11<\/sup><\/p>\n\n\n\n

    Because of this, all employees are responsible for ensuring the network is kept safe. You could have the latest anti-virus technology, but inadvertent human error can still allow malicious software a way in.<\/p>\n\n\n\n

    Focusing on fostering a strong cybersecurity culture could possibly be a better defence against cyber threats than any single technological policy. A cybersecurity culture intends to make information security considerations an integral part of an employee\u2019s daily life, and is only achieved by weaving cybersecurity through organisational procedures and practices, and maintaining active conversations with staff.<\/p>\n\n\n\n

    \n
    \n
    \n
    \n
    \n \n \"School\n <\/a>\n <\/div>\n
    \n \n HARVARD'S VPAL <\/a>
    \n     \n Cybersecurity: Managing Risk in the Information Age online short course <\/a>\n <\/div>\n <\/div>\n
    \n
    \n \"Read\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n<\/div>\n\n\n\n

    To ensure you follow best practice when it comes to your security, your plan should encompass the following:<\/p>\n\n\n\n