In its “What’s Now and What’s Next” report released Wednesday, Aon discusses what companies face in 2019 with cyber risk, especially due to the rapid digitization of business that “expands the attack surface of global business” in unexpected ways. “Thanks to the rapid enhancement and constant changes in technology, the number of touch points that cyber criminals can access within a business is growing exponentially,” the report states.
Here are the eight risks that could impact companies in 2019:
1. Technology: The broader use of technology “also brings vulnerabilities.” Organizations must understand these risks as they move forward and adapt cyber precautions accordingly.
2. Supply Chain: Aon notes that two trends will heighten cyber risks. The first is the “rapid expansion of operational data exposed to cyber adversaries, from mobile and edge devices like the Internet of Things.” The second is a firm’s growing reliance on outside vendors. Both trends “present attackers with new openings into supply chains.” Aon notes that company boards and management must have “forward-looking risk management” to deal with these factors.
3. Internet of Things: This means multiple devices that “are everywhere,” and need to be managed. “As time goes on, the number of IoT endpoints will increase dramatically,” the report states.
4. Business Operations: Connecting to the internet improves operations, but also exposes a firm to new cyber risks. Once in, a cyberattacker can “move laterally across an entire network.” Again, firms need to be aware of and protect against this risk.
5. Employees: Often cited as the most common cause of cyber breaches and the weakest link, firms must take precautions for every level of employee. The study states these include strong data governance, communicating cyber security policies throughout the organization, and implementing effective access and data-protection controls.
6. Mergers and Acquisitions: Advisors should take special note of this. Aon says that projections of M&A deal value was to top $4 trillion in 2018, the highest in four years. Although a company might have “flawless” cybersecurity policies and defenses in place, a new acquisition might not be up to par. “Dealmakers must weave specific cybersecurity strategies into their larger M&A plans if they want to ensure seamless transitions in the future,” the paper states.
7. Regulatory: As cyber risk increases across all industries, regulators have increased laws, rules and standards related to cyber. The paper notes that “firms must balance both new regulations and evolving cyber threats.”
8. Board of Directors: Boards must be forward thinking and “set a strong tone across the company” for being proactive with cybersecurity as well as taking actions after an incident.
“While it may seem counterintuitive when thinking about cybersecurity, collaboration within and across enterprises and industries can keep private data of companies and individuals alike safe,” said J. Hogg, CEO of Cyber Solutions at Aon, in a statement. “Working together can result in improved efforts to hunt bad actors, while also raising the bar and making all parties more prepared for the inevitable day when a disruption does happen.”
— Related on ThinkAdvisor:
- Four Ways to Curtail Insider Cybersecurity Threats
- BlackRock’s Data Leak Hits 20,000 Advisors, Most With LPL
- FINRA Issues Report on Best Cybersecurity Practices