What keeps the CEOs of major corporations awake at night? Certainly it is the top 10 threats against their companies, as identified by those in the business of studying such matters - insurance companies. Fire, hurricane, earthquake - sure. But now these CEOs have something else to add to the list - cybercrime. For the first time ever, many are identifying this area as a top 10 threat. Yikes!
Where does it fall exactly? Let's check the Allianz Risk Barometer survey of 400 corporate executives in 33 nations. The question is a frightening one - what is the worst risk of doing business? Here were the top 10 responses along with the percentages:
- Business interruption, supply chain risk - 43%
- Natural catastrophes - 33%
- Fire, explosion - 24%
- Changes in legislation and/or regulation - 21%
- Market stagnation or decline - 19%
- Loss of reputation or brand value - 15%
- Competition - 14%
- Cybercrime, IT failure, espionage - 12%
- Theft, fraud, corruption - 10%
- Quality deficiencies, defects - 10%
The extent of this list certainly makes one shake their head, and when we think about cybercrime, we realize that it can come suddenly, seemingly out of nowhere, from some far-off continent, and many times can go undetected for a long period of time. Add to this the loss of reputation that can result (Number 6 above), and cybercrime seems to loom an even larger issue.
Amazingly, many corporations still lack the awareness regarding the extent of this potential problem. In fact, it is estimated that $2 billion has been spent to insure against cybercrime, compared to the $1 trillion spent in overall insurance premiums in the U.S. alone. A huge complicating factor is calculating the actual risks and costs associated with attacks. These are certainly not as straightforward as the time-proven analysis of things like fires and floods.
Certainly, examples of such costs are starting to become very evident. The December 2013 incident with Target, in which computer criminals obtained tens of millions of credit and debit cards helped contribute to a 14% decline in Target's stock share price over two months. Add this to the more than 50 lawsuits that resulted from the breach and it certainly becomes a point that could keep key management personnel up at night, or even looking for a new job. In fact, in the Target example, it led to the replacement of CEO Greg Steinhafel.
If we needed more validation for a career in IT security, this might just be it, to say the least!
This article is published as part of the IDG Contributor Network. Want to Join?