United Kingdom

2019 Cyber Security Risk Report

Aon report reveals 2019’s biggest cyber threats to business

From the early threat of data breaches to attacks on internet of things (IoT) devices, the cyber threat continues to evolve at pace. In Aon’s latest 2019 Cyber Security Risk Report, the scope of the threat to enterprises over the world is laid bare. Detailing eight areas of vulnerability including digital transformation, supply chain, employee negligence, business operations, and growing cyber regulation, the report finds that the “scale of attacks is expanding and the impact is intensifying”.

WannaCry wake-up

In the UK, cyber attacks continue to hit home. 2017’s WannaCry ransomware probably did more to raise the collective consciousness of this form of cyber attack when it paralysed at least 80 NHS trusts, leading to the cancellation of thousands of operations and appointments and, according to the Department of Health, costs of £92 million.

As businesses increasingly rely on technology to run their critical day-to-day operations, the operational disruption caused by such an attack can be hugely disproportionate, not to mention the additional reputational damage. Companies like TalkTalk have faced huge reputational issues after dealing with the aftermath of a hack.

While the growth of technology, finds Aon’s report, is transforming how businesses operate it is also leading to an “expanding and morphing cyber-attack surface”. Take car manufacturers for example, whose vehicles are already crammed full of ‘hackable’ technology such as cellular, Wi-Fi, Bluetooth and infrared networks, and that’s before the advent of full autonomy. The internet of things (IoT) is also creating a whole host of network devices from conferencing systems, to security cameras and building automation sensors that are vulnerable to attack, making it increasingly important for organisations to monitor and inventory their IoT endpoints.

Unlocked back door

Another huge vulnerability for businesses is in their supply chain. According to a 2018 Ponemon Institute Survey, 59% of companies in the UK and the US said they experienced a data breach via a third party. The UK’s National Cyber Security Centre has detailed a number of examples of supply chain attacks on software providers, website builders and third party data storage facilities.

Since 2011, a cyber-espionage group known as Dragonfly has ‘allegedly’ been targeting energy sector companies across Europe and North America; going for companies in their supply chains by compromising supplier websites and installing malware infected files to, in turn, infect their clients.

Employee error

Of course, it’s often the actions – either accidentally or with malicious intent – of employees that let the hackers in. Back in 2014, thousands of staff at the supermarket Morrisons were hit by the theft of payroll information which turned out to be the work of a disgruntled employee. One issue, says Aon, is organisations often give users more robust access privileges than may be needed which increases risk.

Regulatory action

It's not just the hackers that businesses need to worry about either; make a mistake and they could find an ever-growing tide of cyber regulation ready to drop huge fines on them for allowing client data to be compromised. The UK saw the introduction of the General Data Protection Regulation in 2018 which could see huge fines imposed if firms are found to have violated GDPR rules. So far there have been few GDPR related enforcement actions, fines and civil suits but, says Aon’s report, they are perceived to be the “tip of the iceberg”.

Be prepared

Despite the challenges, it’s a threat that can be managed, concludes Aon’s 2019 Cyber Security Risk Report, provided organisations stay informed, understand their risk profile and be proactive. In addition, businesses should share threat intelligence, help to root out bad actors before they cause damage and, above all, prepare themselves to deal with a cyber attack.

Download Aon’s 2019 Cyber Security Risk Report