THE HIDDEN RISKS OF A CYBER
There are 14 risk factors that organization leaders should consider
when preparing for a cyber-attack.
A sea change is taking place in cyber risk management. The idea
that cyberattacks are increasingly likely, and perhaps inevitable, is
taking hold among executives and board members.
Business leaders are realizing that we have connected the world
with technologies designed to share information, not protect it. As
a result, many organizations are beginning to adopt what Deloitte
calls a “Secure Vigilant Resilient” approach to cyber risks. This
business perspective allows organizations to balance investments
in cybersecurity with efforts to develop greater visibility of possible
threats and the ability to respond more quickly and effectively to
the events caused by a cyber-incident.
In order to properly prioritize, organizations must understand the
types of cyber-risks they may face and must be able to measure the
likelihood of their occurrence. They also need to understand the
consequences of these risks should they materialize.
There are many ways in which a cyber-attack can affect an
organization, and the impact will depend directly on the nature and
severity of the attack. There are 14 impact factors (see study) that
business leaders should consider when preparing for potential
Some are more familiar to us, such as those associated with data
breaches. However, others are broader in scope and intangible,
being more difficult to quantify and often hidden from the public
Understanding the cyber-risks that can affect an organization
requires knowledge of its business model, operational processes,
trends, maturity levels, and specific vulnerabilities, which can
generally also be extrapolated to its industry and sector as a
whole.
The response to these 14 impact factors that can affect a company
can be divided into three phases, which tend to overlap
and extend over time dependin