The Institute of Risk Management (IRM) has warned that cyber threats to businesses are not only increasing, but are becoming much more diverse.
The recent events at TalkTalk, where the personal and banking details of up to four million customers were accessed in a cyber-attack, highlighted the risks associated with the protection of third party data.
However, the threats to businesses extend beyond data breach to distributed denial-of-service (DDoS), loss of intellectual property, corruption of data and what can only be described as commercial or industrial espionage. “Businesses need to think about more than just data breach threats when the undertaking their cyber risk assessment” said Paul Hopkin, Technical Director at the IRM.
“Some of these threats may be harder to detect and could have consequences over a much longer period of time. Also, once a company has been hacked, it may become more attractive as a target for other hackers,” he adds.
Increasingly, information, data and intellectual property (IP) underpin the business models of organisations. The threats to this data, including loss of IP, can diminish the ‘Unique Selling Points’ (USPs) of the business, as well as providing competitors with insight into technical expertise, commercial tactics and business finances.
In addition to the loss of IP, there appears to be an increasing trend to deliberately corrupt business information for commercial or malicious purposes, including actions by pressure groups and other so-called “hacktivists”. Often, the fact that data has been compromised or corrupted is not known to the organisation until much later.
The IRM has been providing support to its membership on the developing scope of cyber risks for some time and, most recently, in 2014 published summary guidance for organisations on cyber risk, as well as a longer companion document for risk practitioners.
Read more on the IRM Website.