(Source – Shutterstock)

Cyber risks can end up being the biggest business risk

Business risk is often defined as a factor that can affect a company’s capabilities. These risks often threaten a company’s ability to achieve its goals, whether those are financial, productivity, efficiency or growth. The most common business risks that can impact an organization include financial risks, strategic risks, reputational risks, operational risks, legal risks, security risks and human risks.

Out of all these risks, there is one business risk that can pretty much influence all outcomes: cyber risk. Organizations today are dealing with increasing cyber risks and the reality is, cyber risks are capable of having an impact in all areas of an organization.

In fact, according to a report by Mimecast, organizations are beginning to understand that cyber risk is a business risk. The Behind the Screens report digs deeper into their efforts to articulate risk and provides recommendations from the respondents on what leaders must do to work protected, even as cyberattacks proliferate.

The report indicated that many CISOs recognize there is a knowledge gap on their boards, which places CISOs at a disadvantage when they need to prove ROI on cybersecurity initiatives. In the face of economic volatility, when most companies around the world tighten their belts in every area of business including marketing, sales, and general technology, it can introduce even greater cyber risk due to shadow IT or outsourcing to untrustworthy third parties.

The report also showed that most security leaders believe they need a budget increase of 10% to 20%, and feel they are likely to get it. At the same time, hiring and retaining cybersecurity professionals has become exponentially more difficult.

As such, CISOs are being forced to scrutinize budgets and cybersecurity technology through the well-known “people, technology, and process” lens. This itself is a big business risk. Many organizations have experienced bloated or disconnected security environments over time and security vendors must meet the needs of businesses that expect more or better functionality for the same cost.

Phishing: A cyber risk that is a business risk

Phishing is one of the original cyber threats, and it persists because attackers can continually adapt their approach. What’s more, automation tools and phishing kits are making it easier for a less skilled cybercriminal to cast a wider net, which can cause greater damage to businesses.

The C-suite has become attuned to creating a company-wide security culture, more specifically, investing in awareness training in tandem with layered cybersecurity frameworks to minimize the likelihood of a successful attack.

For Garrett O’Hara, Director, Solutions Engineering APAC, Mimecast, the modern work surface has led to a high volume of increasingly sophisticated attacks on organizations across the Asia Pacific. He also pointed out that budgets are tight and there are continued skills challenges, yet the opportunity for CISOs to protect their organizations has never been better.

“We need to keep the link between cyber risk and business risk front of mind when speaking to the board. It’s also important to avoid the trap of a monolithic security provider by implementing layered, best-of-breed cybersecurity tools; and to secure against age-old threats like phishing with email protection and awareness training for employees,” commented O’Hara.