With analysts suggesting that annual global cyber losses could reach US $6 trillion by 2021, Aon has gathered views from cyber-focused business leaders in the EMEA region on how to build more cyber-resilient organisations.
This research, which was conducted by Cybersecurity Ventures, also forecast that cyber security spending is set to exceed a cumulative $1 trillion over the five-year period leading up to 2021.
Aon noted that cyber losses can affect businesses in the form of immediate crisis expenses, as well as regulatory fines and lost revenue due to disruption of trading or core operations.
Additionally, while the immediate financial costs of a cyber attack can be crippling for a business, Aon believes that damage to reputation can be of equal or even greater concern.
The reputational crisis resulting from an attack can erode a company’s market value, destroy brand loyalty, limit companies’ digital transformation efforts and even lead to a credit-rating downgrade, the broker argued.
However, a previous study by Aon and Pentland Analytics found that a company’s preparedness to mitigate reputational risk and its management’s behaviour in the immediate aftermath of a crisis can have a notable impact on short and long-term share price reaction.
“Some companies still don’t fully understand the impact a cyber attack can have on a business,” said Onno Janssen, CEO, Risk Consulting & Cyber Solutions EMEA at Aon.
“Understanding the worst-case scenarios and their impact to a business is crucial to developing an effective resilience strategy in which cyber is managed as an enterprise-wide risk across the entire organisation,” he explained.
“The cyber threat is amorphous, and the technology it exploits is advancing at a dizzying pace, so the risk landscape is never going to stand still. The C-suite will have to aim to constantly improve its holistic cyber risk-management strategies to prevent, prepare for, and be able to respond to a cyber crisis. Ultimate responsibility for all risk management efforts resides in the boardroom.”
Aon concluded that, while cyber risk management must be an enterprise-wide effort, accountability ultimately needs to sit at the top of an organisation, with the board understanding the costs and consequences of a cyber attack.
It also recommended that businesses implement incident-response training for cyber attacks, and explore risk transfer opportunities with re/insurers to protect their balance sheets.