Over the past decade, technological
developments once considered the stuff of
science fiction have become commonplace.
From smartphones to smart homes – with
online thermostats, doorbells and even
fridges – the way we live, work and do
business has become more connected. And
with that connectivity comes increasingly
sophisticated cyber risks.
Indeed, cyber vulnerabilities can appear
across an organization’s people, operations
and supply chains to affect customers,
threaten business continuity and hurt
Jason Hogg, chief executive officer at Aon
Cyber Solutions, says, “In 2019, the
greatest challenge organizations will face is
simply keeping up with and staying
informed about the evolving cyber-risk
While the cyber threats that organizations
face vary, there are eight key risk areas
businesses should consider:
technology, supply chains, the internet of
things (Io T), business operations, employees, mergers and acquisitions (M&A),
regulations and boards of directors.
To effectively address the eight areas of
cyber exposures, an organization’s risk
management must be proactive: focusing on
sharing threat intelligence and collaborating within and across enterprises and
industries. Cyber diligence is an unending,
dynamic effort to identify vulnerabilities,
mitigate risk and appropriately prepare a
response when an attack occurs.
No Free Ride: Technology
Can Be A Blend Of
Opportunity And Risk
From autonomous cars to the rise of
ride-sharing services, more businesses offer
a broad choice of products and services over
a network. These “anything as a service” –
or “XaaS” – businesses highlight the rapid
pace of digital transformation. And as XaaS
companies gain traction, cyber risk will
continue to evolve.
Stephanie Snyder, senior vice president and
commercial strategy leader at Aon Cyber
Solutions, notes that today, every company
– whether they know it or not – is a
technology company, simply due to the way
they use technology to evolve their business.
Therefore, as organizations embrace digital
transformation, leaders should aim to
understand the associated risks and plan to
Third Party As A “Backdoor”
To Cyber: Risks Can Lurk
In Supply Chains
As supply chains become more complex,
and businesses rely on more third-party
vendors, cyber risk can creep into the
supply chain – and the threat can be
significant. “A breakdown in the supply
chain – no matter who is at fault – can
grossly degrade operations and impact
revenue,” says CJ Dietzman, managing
director and security advisory practice
leader at Aon Cyber Solutions.
A 2018 Ponemon Institute survey found
that 59 percent of companies in the U.S.
and the U.K. experienced a data breach
through a third party, but only 35 percent of
those surveyed described their third-party
risk management as highly effective.
“As supply chains become increasingly
connected, leaders will take a harder
look at their vulnerabilities. It will no
longer be a ‘cyber’ risk, but an overall
operational risk in which cyber will
play a role,” states Snyder.
Managing The Unknown:
The Growth Of Connected
As Io T becomes more ubiquitous, each
connected device can present its own
security risk. According to another 2018
Ponemon study, 38 percent of organizations
that kept records of Io T-connected devices
said they had up to 1,000 such devices.
Meanwhile, the average number of devices
in the workplace among those surveyed was
more than 15,000.
Most companies, however, don’t adequately
keep track of Io T devices. Ponemon’s survey
also showed that 21 percent of companies
suffered an attack associated with
unsecured Io T devices over the past year.
Snyder stresses that it’s critical for companies to break down silos within the organization to be ready for an Io T related risk.
“From IT to risk management to general
counsel, key stakeholders need to be in
lockstep to protect the organization,” she
At Risk (see page 74)
THE PRIVATE INVESTOR | SPRING +SUMMER 2019 73
The 8 Cyber Risks
That Are Worrying