Accelerating Risk. Increasing Consequences.

The sophistication and persistence of cyberattacks on organizations, their customers, vendors and supply chain is an accelerating risk. The recent pace of digital transformation, and associated risks, has exceeded any other point in history.

Business Leaders See The Threat. But Don’t Act.

90% of business leaders said they lack the resources to defend against cyberattacks
– NOMINET

And yet…

68% of business leaders believe their cybersecurity risks are increasing
-IBM
77% of organizations do not have a cybersecurity incident response plan
-ACCENTURE

Why?

There is a dramatic dislocation between the c-suite and board and an organization’s internal departments and external business resources. Internal departments see their responsibility to their specific function and don’t know how to evaluate and interpret risk to the enterprise. External businesses want access to companies as a client and to provide a specific service. They lack the deep experience in studying and conducting global threat analysis and leading contingency planning for complex, disruptive challenges – the type of expertise required to address enterprise risk and to advise on what should be protected and where to invest.

INTERNAL
DECISION MAKING


C-Suite
“Many top executives treat cyber risk as a technical issue and delegate it to the IT department. But defending a business is different from protecting servers.”
– McKinsey & Company

Board
“While many boards regard cybersecurity risk as an ‘existential threat’, they are not confident they have the information and processes in place to provide effective governance in this high-stakes area of oversight.”
– CLTC

General Counsel
Lawsuits around the country reflect current ambiguities about the nature of responsibility for cyberattacks and data breaches.”

Adding to the uncertainties insurers face when attempting to structure policies in this new market is the relative lack of legal precedent on core issues pertaining to cyberattacks.
– Federal Reserve Bank of Chicago

IT Team
“Only 25% of non-CISO executives say business leaders are accountable for cybersecurity.”

Limited trust from C-Suite with IT leaders during
an incident and limited capacity to assess the impact of an incident on critical stakeholders – regulators, customers employees, vendors, investors, competitors
– Accenture

EXTERNAL
FRAGMENTED MARKETPLACE


Law Firms
Orientation is to limit legal risk/exposure. With few legal precedents, there is limited insight and expertise.

Large Consulting Firms
Often acquisition machines of widgets, focused on owning the cyber consulting market and don’t often support medium and small business customers. They are driven to upsell adjacent services to existing clients to pay for and earn returns on acquisitions.

CyberSecurity Firms
The better firms have deep expertise in helping prevent or contain a breach, but most are limited to their “solution” or widget.

Insurance Companies
Cyber offerings provided by insurance companies are often focused on forensic services, which is part of their determination of whether to pay a claim or not. This is a result of the difficulty of pricing cyber risk when there is limited loss history.

In a Covid-19 World…The New Normal

A complex challenge just became exponentially riskier for all organizations

“Tens of millions are now working from home and will for the foreseeable future. A decentralized office increases the surface area for a cyberbreach allowing bad-actors to focus on new ‘gathering places’ to exploit security weakness.”
– Ron Moultrie, former NSA Director of Operations and Resolute Strategic Services Advisory Board Chair

As organizations accelerate their digital transformations, identifying and understanding threats to interconnected systems while building resiliency into operations must be their highest priority.”
– Ron Moultrie, former NSA Director of Operations and Resolute Strategic Services Advisory Board Chair

Online threats have risen by as much as six times their usual levels over the past four weeks as the COVID-19 pandemic provides new ballast for cyberattacks, according to Cloudflare.

 

Phishing attempts have soared by over 600% since the end of February, including traditional impersonation scams but also business email compromise (BEC) and extortion attacks, according to Barracuda Networks

$6 trillion projected annually in damages related to cybercrime by 2021.
– CYBERCRIME MAGAZINE


$3.92 million
Average cost of a data breach has risen 12% over past five years.
– IBM


7.9 billion personal records exposed in 2019. Up from 500 million in 2018
– RISK-BASED SECURITY


41%
In 2019 ransomware attacks increased by 41%, with 205,280 organizations … hacked in a ransomware attack.

– NEW YORK TIMES

In his 2019 annual letter to shareholders,
JPMorgan Chase CEO Jamie Dimon warned that cybersecurity: “may very well be the biggest threat to the U.S. financial system…
This is a critical issue, not just for financial companies but also for utilities, technology companies, electrical grids and others.”

In his 2019 annual letter to shareholders,
JPMorgan Chase CEO Jamie Dimon warned that cybersecurity: “may very well be the biggest threat to the U.S. financial system…
This is a critical issue, not just for financial companies but also for utilities, technology companies, electrical grids and others.”