Cyber attacks: more frequent and more serious
Companies underestimate the danger posed by cyberattacks, according to a study by management consultants A.T. Kearney. That can be expensive: estimates of global damage by relevant institutions range from $400 billion to $2.2 trillion. Added to this are damage to the company's image and loss of trust.
The frequency and extent of cyberattacks will continue to increase in the future, the consultancy writes. To minimize risks, it advises taking a holistic approach to information security that addresses five dimensions: Strategy, Organization, Processes, Technology and Culture.
"First of all, companies need to understand that information security risks are business risks. The responsibility for managing these risks lies with the company's management, not with the IT department or the CIO," explains Michael Römer, Partner at A.T. Kearney and Head of Digital Business Consulting in Europe.
According to A.T. Kearney, the methods of information security attacks are changing rapidly, while the risk and subsequent costs of inadequate security measures continue to rise. "The next cyberattack is as hard to predict as the next earthquake; however, some trends are emerging. The estimated cost of successful attacks is between $400 billion and $2.2 trillion annually worldwide. This is roughly equivalent to the gross domestic product of Austria and Brazil, respectively, and long-term consequences such as image damage due to loss of trust can hardly be adequately taken into account," says Boris Piwinger, Senior Manager and Head of Information Security Consulting at A.T. Kearney.
With increasing digitization and the inevitable security breaches that come with it, the extent and frequency of attacks are also expected to increase. Piwinger sees the following trends in particular:
- Global monitoring
- Targeted weakening of information security technology
- Attack-as-a-Service (AaaS) offerings
- Massive attacks on infrastructures
- Industrial control systems
Extortion is also a possible business model for attackers, it is emphasized: they threaten to massively escalate damage they have already credibly claimed until the "ransom" is paid.
How to minimize security risks?
The study shows that companies that are exemplary in information security consistently address five areas to minimize risk:
- Strategy
- Organization
- Processes
- Technology
- Culture
"Security problems are rarely due to flaws in just one of these areas. Successful hackers typically use a combination of different vulnerabilities," Piwinger explains.
"Companies that want to minimize their security risks need a security strategy that is closely linked to the corporate strategy, a balanced organizational setup in which difficult decisions can be managed, well thought-out and practiced processes for assessing and handling risks, efficient use of technology and, above all, a strong corporate culture that perceives information security as a value proposition and a shared responsibility of the entire organization," concludes Michael Römer.