As cyber threat actors continue to escalate their crimes and deliver staggering blows to global businesses, the risk of cyber attacks and data breaches ranks number one in Aon’s Global Risk Management Survey and is also projected to be a top risk in 2024.1 In fact, cyber security is perceived as a top-10 risk by every surveyed sector and job roles, including CFOs, CEOs and chief people officers.
These are all roles that risk leaders must partner with to achieve cyber resilience beyond the loss of data. It includes mitigating business interruption and associated unexpected costs, potential computer forensic costs, defense costs, privacy breach notification costs, fines and penalties, and harm to a business’s reputation. Rapid scaling of technology all along the value chain has created an eco-system of interdependencies that can be easily exploited, and businesses are ill-prepared to manage the risk. Combine that with the challenges of reduced revenues and constrained budgets and it is hardly surprising that many organizations are finding themselves underprepared to achieve cyber resilience:
- Just two in five organizations are ready to navigate new exposures arising from rapid digital evolution.
- Only 17 percent of organizations report having adequate application security measures in place.
- Positively, however, 60 percent of organizations report having sufficient network security measures to manage new digital connectivity.2
Achieving sustained cyber resilience will require a continuous cyclical strategy.
Building Cyber Resilience Through the Cyber Loop
To achieve sustained cyber resilience and mitigate exposure, a cyber security strategy must be circular rather than linear. Guided by data, businesses using that strategy will continually loop through four stages: Assess, Mitigate, Transfer and Recover 3, becoming an informed participant in managing risk, engaged in continuous review, improvement, and investment in security.
Organizations may enter the loop at any of the four points depending on where they are in their current cyber security journey.