As our value chains become increasingly digitized, headlines about successful cyberattacks on prominent companies and organizations are multiplying. Almost every week, companies and those responsible for weaknesses in their cyber risk management are pilloried in the media. In addition to loss of reputation, there is a risk of significant or even existential financial losses and, in particular, the loss of sensitive customer data and certain liability risks for the company and its managers.
The Dilemma: Even The Best Cyber Prevention Cannot Offer 100% Security
No company knows a priori about all security gaps in its own infrastructure, so none can guarantee one hundred percent security. The security case illustrates the dimensions of cyber risk damage: plants of the automobile manufacturer Nissan, for example, had to be closed due to the virus infection. According to industry experts, damage of up to 4 billion dollars has been incurred, and individual companies have even recorded losses of up to 100 million. The Equifax hack also had a serious impact on the company concerned. Specialized law firms are currently preparing class action lawsuits against the company.
Risk Provisioning As A Central Duty
The management of a company is obliged to take precautionary measures in all operational areas against all apparent dangers that can threaten operational processes and livelihoods. As the dangers cannot be countered by suitable avoidance strategies, risk provision also includes taking out adequate insurance protection. For operational risks, adequate insurance protection has become a matter of course. Surprisingly, given past loss events, cyber insurance continues to lead a shadowy existence, even though it has grown significantly in recent years.
The central question for assessing the impact of a loss as part of a risk analysis is therefore which operating foundations are put at risk by a standstill of all IT systems, or by the loss of or spying on all data stored on them, and how high a liability claim for damage to third parties can be. In addition, it is important to assess the effects of reputational damage on your own brand and to factor in how sensitive your own sales are to that damage. At the same time, the security gaps that constantly come to light in standard software show that management cannot rely on the quality and protective measures of its own IT department.