As cyber attacks increasingly threaten business and grow in volume and scale, companies will be forced to take new measures to address cybersecurity risk holistically, integrating it more aggressively into their enterprise risk management, according to insurance broker Aon’s cyber specialists in the firm’s 2018 Cybersecurity Predictions report.
The report outlines specific actions that Aon believes companies will take in 2018 to address cyber threats, as well as other cyber trends that it anticipates in the new year.
“In 2017, cyber attackers created havoc through a range of levers, from phishing attacks that influenced political campaigns to ransomware cryptoworms that infiltrated operating systems on a global scale. With the growth of the Internet of Things (IoT), we have also witnessed a proliferation of distributed denial-of-service (DDoS) attacks on IoT devices, crippling the device’s functionality,” said Jason J. Hogg, CEO, Aon Cyber Solutions.
Hogg said Aon’s specialists expect heightened cyber exposure due to a convergence of three trends: companies’ increasing reliance on technology; regulators’ intensified focus on protecting consumer data; and the rising value of non-physical assets.
“Heightened exposure will require an integrated cybersecurity approach to both business culture and risk management frameworks,” he said. “Leaders must adopt a coordinated, C-suite driven approach to cyber risk management, enabling them to better assess and mitigate risk across all enterprise functions.”
Aon’s 2018 Cybersecurity Predictions report look at the ways in which the increasing scale and impact of cyber attacks, coupled with companies having to accept more liability and accountability over cyber attacks, will lead to significant changes in the corporate landscape. The report predicts an expanding role for the chief risk officer (CRO), the importance of implementing multi-factor authentication, the increased threats from insiders, and an expansion of bug bounty programs in new sectors.
Here are eight ways Aon’s specialists see cyber risks and cybersecurity playing out during this year:
- Businesses adopt standalone cyber insurance policies as boards and executives wake up to cyber liability. As boards and executives experience and witness the impact of cyber attacks, including reduced earnings, operational disruption, and claims brought against directors and officers, businesses will turn to tailored enterprise cyber insurance policies, rather than relying on “silent” components in other policies. Adoption will spread beyond traditional buyers of cyber insurance, such as retail, financial, and healthcare sectors, to others vulnerable to cyber-related business disruption, including manufacturing, transportation, utility, and oil and gas.
- As the physical and cyber worlds collide, chief risk officers take center stage to manage cyber as an enterprise risk. As sophisticated cyber attacks generate real-world consequences that impact business operations at increasing scale, C-suites will wake up to the enterprise nature of cyber risk. In 2018, expect CROs to have a seat at the cyber table, working closely with chief information security officers (CISOs) to help organizations understand the holistic impact of cyber risk on the business.