An analysis of cyber threats in various sectors, the true costs of cyber crime, and ways in which companies can mitigate this fast-evolving risk
Over the past few decades the internet has provided a remarkable platform for business growth and innovation. However, digital systems are susceptible to cyber threats, and businesses today are confronted by a bewildering variety of cyber attacks. KPMG in the UK joins insurance market Lloyd's of London and international law firm DAC Beachcroft in a new report to provide a cross-sector assessment of the cyber threats facing companies today.
As technology advances, so does the threat landscape. Organised criminals are scaling their operations and looking to automate the targeting and exploitation of business networks. They are also repurposing attacks to target new institutions in various sectors.
The publication (PDF 5.47 MB) outlined different types of attacks that organisations in 14 different sectors are subject to, and the sector-by-sector analyses highlight what businesses need to adapt in order to keep themselves and their customers safe.
The costs of a cyber incident typically occur in two phases - immediate (i.e. legal and forensic investigation fees, and extortion payouts) and “slow-burn” (i.e. those associated with the long-term impacts, such as the loss of competitive advantage and customer churn). The extent of these costs can vary considerably by sector and are constantly evolving.
Businesses need to be aware of the full costs of a cyber attack, especially the “slow-burn” costs, when added to immediate costs, can dramatically increase the final bill.
As the risk of cyber attack increases, so do the legal and cost ramifications. There are a few factors that are most likely to influence the complexity and cost of future breaches, namely, changes to regulations, trends in litigation, supply chain security, and the internet of things (IoT) and integrated systems.
The combined impact of these four trends is a clear warning for organisations to heed. Regulatory sanctions and compensation and increasing complexity give rise to significant financial risk to businesses that fail to adequately secure their electronic networks, assets and data, and fail to hold and use data in accordance with privacy laws.
While it is not possible to be 100 percent secure from a cyber attack, there are measures companies can take to mitigate the risks, minimise the consequences and recover more quickly should a breach occur.
Cyber insurance is a key part of the solution. Demand for cyber risk coverage continues to be driven by privacy breach laws in certain countries, yet the absence of similar measures in other continents may contribute to the relative lack of awareness around cyber insurance.
As rapid technological advancements expose new threats and liabilities to companies, the onus is on both businesses and insurers to stay on top of ever-changing cyber risks. There are four ways for businesses to work with their insurers to prepare for and mitigate cyber threats:
KPMG member firms around the world have over 3,000 cyber security professionals who can support and guide you in mitigating the inevitable risks from the increasingly digital world. Contact your KPMG adviser to discuss how KPMG can develop a tailored approach for your organisation.
Download the full report (PDF 5.47 MB)