The Institute of Risk Management (IRM) warns businesses of hidden cyber dangers
The Institute of Risk Management (IRM) has warned that cyber threats to businesses are not only increasing, but are becoming much more diverse. The recent events at Tesco Bank, where the accounts of an estimated 9,000 customers were compromised in a cyber-attack costing the company approximately £2.5 million*, highlighted the risks associated with the protection of third-party data.
The IRM warned that the threats to businesses extend beyond data breach to distributed denial-of-service (DDoS), loss of intellectual property, corruption of data and what can only be described as commercial or industrial espionage.
Paul Hopkins, Technical Director at the IRM, stated that “Businesses need to think about more than just data breach threats when undertaking their cyber risk assessment.”
“Some of these threats may be harder to detect and could have consequences over a much longer period of time. Also, once a company has been hacked, it may become more attractive as a target for other hackers,” he added.
Increasingly, information, data and intellectual property (IP) are a key element of company business models. Firms should be alerting clients to threats to data, including loss of IP, which can diminish their ‘Unique Selling Points’ (USPs), as well as providing competitors with insight into their technical expertise, commercial tactics and business finances.
In addition to the loss of intellectual property, there appears to be an increasing trend of hackers deliberately corrupting business information for commercial or malicious purposes. This is especially concerning because the compromise or corruption of the data is not discovered by the organisation until much later.
The IRM has been supporting its membership on the developing scope of cyber risks for some time and, in 2014, it published summary guidance for organisations on cyber risk, as well as a longer companion document for risk practitioners.
High-profile events such as the data breach at Tesco Bank highlight the continually increasing cyber threats to businesses; however, focusing only on data breaches can often obscure other threats.
John Ludlow, a director at the IRM and formerly SVP of Risk Management at Intercontinental Hotels Group, commented that “Companies should undertake a cyber threat analysis by asking the question ‘who is out to get us, why could we be a target and what vulnerabilities would they exploit’. Simply assuming that the IT Department or the Chief Information Officer (CIO) is aware of all the threats and is in a position to respond to those threats is inadequate”.
While we are unable to provide a link to the IRM document, as it is published by the IRM specifically for members, we still feel it is important to raise general awareness of this risk. Practices can pay to download the document using the link below or alternatively guide clients towards it. It is titled ‘Cyber Risk: Resources for Practitioners’.
Visit the IRM website to read more on Cyber Risk, the report summary and its content at https://www.theirm.org/
To download the full bulletin, click here: Hidden cyber dangers