November 7, 2018

Why Cyber Risk Management is Not Working

Very few organizations are confident that they can effectively manage the cyber risks and attacks targeted at them, even though senior management regards cyber risk as a crucial area of focus. Marsh and Microsoft Corp conducted a survey of over 1,300 senior executives.

The study revealed that two-thirds of the respondents regarded cyber security as one of the top priorities in their risk management strategies. 75% concurred that a cyber-attack would have its greatest impact through interruption of normal business operations. 55%, however, cited a breach affecting customer data and information as the major focus of their risk management practices. Despite this growing awareness and concern, only 19% reported being highly confident that their implemented cyber risk management options can effectively protect their organizations from breaches.

There are several reasons why cyber risk management is failing many organizations. To begin with, current business operations require advanced use of technology. This brings increased threats that evolve over time as cyber criminals devise better ways of breaching targeted systems undetected. No matter how many risk management strategies are put in place, there will always be new, unknown threats. These are exploited to carry out successful breaches even when organizations implement stringent management tactics. Hence, cyber risk management has not always been successful in preventing attacks.

Also, every business is a target of different cyber breaches. This exposes them to different levels of vulnerability and risk. With every organization being a target of criminals with diverse motives, it can be impossible to ensure that implemented risk management options are effective. It is common for firms to outsource operations or perform transactions with third parties, which requires those parties to access the internal networks. A recent report showed that 55% of interviewed companies allowed external parties to access their internal control networks. This increases risk levels to the point that cyber risk management cannot adequately identify all vulnerabilities.

Many organizations are also reluctant to invest heavily in the latest technology solutions for curbing cybercrime. Instead, they prefer to use traditional security approaches, with the notion that the latest security updates and patches will offer maximum protection. However, such companies fail to consider one important fact: the security products that proved effective several years ago may not have the same efficacy today. The emergence of new technologies such as artificial intelligence leads to the development of new malware and cyber threats. Hence, conventional methods such as manual penetration testing may fail to detect risks present in an organization’s systems.

Other companies prefer to spend heavily on security products rather than outsourcing cyber management to established professionals. Whereas a particular solution may be efficient in mitigating a specific risk, other risks may go unnoticed. Hiring a professional company ensures that all modern solutions are used to provide a holistic approach to managing cyber risks. Modern security companies use the latest artificial intelligence technologies to identify risks in real time and to provide automatic mitigation measures for all threats. Organizations should consider adopting such measures.