The UK Government has recognized cyber-attacks to be one of the most significant risks facing the country. The costs to businesses are rising as hackers become more focused and persistent in their attacks. Several attempts have been made to quantify the economic cost of cyber crime to UK businesses. While there is a wide range of estimates, figures consistently run into the billions of pounds.
In its broadest form, cyber risk is synonymous with information technology (IT) risk - that is, “the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise” (1). Such a broad definition makes sense because similar outcomes may arise from an IT event, irrespective of whether its cause was malicious or not and whether it arrived via the Internet or from internal systems.
Damage to an organization resulting from a cyber-attack can be categorized into 11 forms, indicating the extent to which cyber risk deserves much greater consideration than the current focus on data breach affords it. This categorization also recognizes that where a cyber-attack is directed at an organization that companies depend on as part of their supply chain, have system links with, or use to store data on corporate or personal customers, the impact of the attack may be felt well beyond the attacked organization. As such, companies should consider the impact a cyber event at a supplier or other affiliate could have on their own business.
Cyber-attacks represent a present and growing danger that threatens businesses, irrespective of size and sector. The UK Government’s annual breach report shows that 81 percent of large businesses and 60 percent of small businesses suffered a security breach in 2014 (2).
1. ISACA Risk IT Framework Excerpt, 2009.
2. 2014 Information Security Breaches Survey, UK Department of Business Innovation and Skills, 2014.