Essay on Cyber Risk Management

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
University/College: University of Richmond
Type of paper: Essay

Risk management, in simple terms, is the process of identifying, prioritizing, assessing and mitigating risks to an institution, business or organization (Hopkin, 2017). Risk management further involves a coordinated application of resources to efforts aimed at minimizing, monitoring and controlling the impact of such risks while maximizing income. Risks are brought about by a range of factors that include targeted and deliberate attacks from competitors and adversaries, legal liabilities, natural disasters, uncertain financial markets, changing global and local politics, and project failures (Pritchard, & PMP, 2014).

Insurance, on the other hand, is a form of protection from financial loss. Insurance is generally considered a risk management strategy to assist businesses, individuals and institutions during uncertain or unplanned occurrences affecting their finances (Borch, Sandmo, & Aase, 2014). Therefore, insurance in a holistic view forms the core of any risk management initiative implemented by an organization. The uptake of insurance policies and the wide variety of insurable risks is an indication of how successful insurance has become in the management of risks.

The invention of the internet brought many advantages to individuals and businesses alike. The internet transformed the way human beings communicated, socialized, learned, transacted business and even entertained themselves (Jurgenson, 2012, p. 83). Certainly, the internet revolutionized our way of life and transformed us into a global village or, to be more precise, a global market. However, it has not been all rosy: behind the relative successes of the internet lie devastating disadvantages, from increased kidnappings, fraud and hackings to more extreme cases where deaths have been reported (Morozov, 2012). Indeed, with the recent advances in technology, cybercrime has continued to progress. Although security agencies are struggling to keep up with cyber criminals, the criminals always seem to be one step ahead and therefore pose a serious threat to organizations, institutions, businesses and individuals.

Cyber risk refers to all activities that directly or indirectly lead to financial loss, disruption of operations, or a dent in the organization's image and reputation, by causing failure in its information technology systems. The common misconception is that only large organizations are susceptible to cyber-attacks. However, cyber criminals are continuously proving that each target is just as good as the next (Wallner, 2014). Therefore, it is paramount that every organization take the necessary steps towards cyber risk management in order to ensure continuity in its operations and security for its financial income. This paper seeks to highlight the threat posed by cybercrime and to suggest how adopting risk management strategies will assist in reducing the threat.

The Threat of Cyber Security

No business, institution, organization or individual is completely immune from the ever-present threat of cyber security. The attack on the internet giant Yahoo serves as an example of how vulnerable businesses really are to cyber-attacks. In December 2016, the company announced that hackers had managed to steal data from more than one billion accounts (Sky News, 2016). This was not the first time, though: in the same year, close to five hundred million accounts were affected. In the same year, a cyber-attack launched against Dyn, a United States DNS service provider, resulted in the disruption of many websites including Twitter, Amazon, and Netflix. The attack led to a loss of service for close to eleven hours, affecting close to one billion customers worldwide. Dropbox and LinkedIn also suffered similar attacks, with 60 million user IDs and 100 million passwords, respectively, hacked.

These attacks have led to the loss of billions of dollars in revenue for the troubled companies. In addition to the loss of revenue, customer loyalty is also compromised (Lagazio, Sherif, & Cushman, 2014, p. 64). For instance, in the case of Yahoo, Verizon, which was in the process of acquiring Yahoo for approximately 4.8 billion dollars before the attack in 2013, had to reconsider before reaching a final decision. As a consequence, Yahoo faced the possibility of actually losing out on the deal or having to settle for a reduction in the value of the deal. Therefore, it is possible to see that cyber-attacks may have devastating impacts on a company's profile, hence the need for adequate management strategies to mitigate these outcomes.

How Cyber-Attacks Occur

Like any other major criminal activity, say a bank robbery, a cyber-attack requires careful planning and pinpoint execution in order to succeed. Cyber criminals execute their plans following a series of well-planned steps. The first step requires reconnaissance. The hackers choose a soft and vulnerable target. By analyzing the organizational structure, IT setups, cybersecurity, and employee profiles, the hackers are able to plan their attack precisely. Once a target is identified, the attackers choose a weak link that will allow access by analyzing vulnerabilities and networks. This search can take a relatively long time.

Through the use of discreet and undetectable techniques, cybercriminals find their way into the organization's secure areas (often using privileged access) and steal credentials that will gain them further access. This access lets the intruders "own" the network and gain the necessary access to navigate through the system. This ownership allows the attackers to steal sensitive data, change information in sensitive files or erase information almost with impunity. Through malicious software, such as rootkits, the attackers may return as frequently as they please until they are satisfied enough to leave.

Finally, once their operations are over, the attackers often do not leave as peacefully as they came. In what specialists call the attack, the attackers may decide to cause irreparable damage to the victim's software and hardware or disable it completely. Often, the victims realize when it is too late to defend. Some attackers boast about their success by leaving behind calling cards. These calling cards also serve the purpose of confusing and diverting examiners from their actual making very difficult to track, capture or predict their next move.

Cyber Risk Management

With an understanding of how cyber threats occur, it is possible for risk managers to come up with effective strategies to mitigate the outcomes. These strategies are not fixed; instead, they evolve in response to the evolving nature of the attacks (Refsdal, Solhaug, & Stolen, 2015, p. 45). An effective risk management strategy encompasses the prevention of attacks, resolutions in the event of an attack, and restitution to limit the impact of the attacks. Any organization with an online presence, or whose operation is dependent on a network, should ensure that these steps are well thought out and ready to handle an attack. Early preparation is especially important due to the unpredictable nature of cyber-attacks.

In preventing an attack, the organization needs to identify the most sensitive information that is likely to be targeted by cybercriminals (Ayala, 2016, p. 63). This information may include customer identity and login information, financial records and bank details, to name a few. Furthermore, organizations should have a clear definition of how such information is stored. Is it stored in-house or through a third party? Is it manually backed up or is everything in a digital format? Who has privileged access? And what steps are there to secure such information? Once all these questions are answered, the organization is a step closer to preventing an attack (Amoroso, 2012). Another important element to consider is privileged access. Most cyber-attacks happen because the attackers could, in one way or another, gain or create privileged access. By managing privileged identity or employing systems that are able to detect such accounts and audit them, it is possible to prevent an attack or prolong it enough to put up stronger defenses. Therefore, this technique remains key in the prevention of cyber-attacks (Li, Liang, Lu, Shen, Lin, & Zhu, 2012).

At certain times, the prevention measures put in place may do little to prevent cyber threats. Therefore, an organization should set in place procedures that will enable it to remedy the situation. For instance, if a hacker has gained access to customer login information, the company may choose to temporarily shut down these accounts until the threat is dealt with appropriately. Although it may seem an exercise in futility, putting measures in place to reduce the impact of such attacks may end up saving the company millions of dollars in lost revenue or help keep the attack a secret to prevent a loss of reputation (Bhagat & Bhagat Bhavesh, 2012). Customer loyalty also forms an integral part of this step, as an understanding clientele will not only help the organization through the attack but also suggest and support measures to prevent such attacks in future.

Restitution also forms an integral part of cyber risk management. This procedure involves the company's management team, shareholders, and any other interested parties. In simple terms, restitution is described as compensation or a means of reparation for damage to property, injury to self or others, or loss. The main aim of restitution is to return an object to, or near, its former state. In cyber risk management, the involved parties agree on what should be done in the event of an attack. Would there be monetary compensation? How will customers and members be cushioned against loss? What is the role of the consumer in the restitution process? These and other questions are integral to the success of the restitution process.

The Role of Insurance

Cyber-attacks may result in the loss of millions of dollars in revenue. Moreover, the vulnerability of the attack may affect customer loyalty which will still lead to hard financial times. If no mitigation effort is brought in, the company risks closing down its operations, as it would no longer make economic sense to run such an organization. How does insurance come in? Insurance providers seek to provide a soft landing spot for a company that is on the verge of collapse. Through compensation, the company is able to start all over again or to boost its operations in order to reduce the risk of bankruptcy or receivership.

Unfortunately, cyber risk insurance is still in its infancy and has therefore not evolved fast enough to provide the much-needed cover against such risks (Dutt, Ahn, & Gonzalez, 2013, p. 610). With the insurance industry reaping substantial profits from cyber insurance, close to two billion dollars in 2014, more coverage options still need to be implemented to ensure that companies under threat feel secure (Pal, Golubchik, Psounis, & Hui, 2014). However, with the insurance industry being two steps behind cyber threats, limited coverage options are available.

In order to give an illustration, an insurance company may provide cover against the risk of fire. If cyber-activity results in a fire damaging a company's premises, then the insurer will compensate the insured for the damages due to the fire not considering that the hacker also caused the fire, although indirectly. However, some insurance policies contain provisions that provide cover against loss, damage or disruption of an organization's electronic data. This policy is often available to small and medium enterprises and is known as Business Owners Policy (Fischer, 2013). In the event of the occurrence of the risk covered, the insurer will promptly compensate. The downside to this, however, is that it do...
