5 Steps to Defending Your Bottom Line with a Cyber Risk Protection Plan

Protect Your Balance Sheet from Cyber Attacks

Cyber risks are now a certainty. Firms, in every industry and of every size, should be managing these risks as much as (if not more than) all other risks to their business: economic, competitive, operational, etc. More than 40 percent of respondents to the Marsh-Microsoft 2019 Global Cyber Risk Perception Survey believed they could see losses of ~$50 million in a cyberattack. The World Economic Forum raised these risks to the highest level by identifying cyber attacks and data fraud as two of the year’s top risks (The Global Risks Report 2019).

As information technology advances, cyber risk protection is becoming an essential aspect of business planning. And as companies begin considering how to protect themselves against risk, two common questions arise: ‘How risky is my risk?’ and ‘How do I measure the safety of my data and my business processes?’ As in almost every area of business today, companies should arm themselves with cyber risk protection data to make better business decisions.

With cyber risk data analysis, you can understand:

  • How to make better business decisions based on data
  • The likelihood of a successful cyber attack
  • The potential frequency of a cyber attack (rate of the incident)
  • What a cyber attack might cost you (aka single loss expectancy or SLE)

Having your cyber risk translated into business terms (e.g., dollar impact, probability, etc.) makes all the difference in determining if your balance sheet can sustain the expense of a cyber incident. For example, what if your company has $10M in cyber risk protection insurance, and you can calculate that a cyber attack would cost you $20M annually for four years? And what if you can also predict that your incidence rate is every four years, with a 42 percent likelihood of success?

The next question is this: Can your balance sheet support the additional expense of $10M in year one and the following years (i.e., $10M annually for three years or $30M–$40M total)? Wouldn’t this information drastically change how you looked at your insurance coverage, as well as the investments needed for an infrastructure that protects your company from the impacts of cyber attacks?

According to an intangible asset market value study by Ocean Tomo in 2017, the percentage of market value tied to intangible assets rose by 70 percent across the S&P 500. These intangible assets include things from balance sheets to intellectual property. With threats to your intangible assets increasing, what can you do to identify risks, maintain your core operations, and protect customer data—all while securing your company’s finances?

  1. Quantify and define your cybersecurity risks: What’s at risk? Utilize cyber risk analytics to demonstrate the value of security spending.
  2. Model cyber risk scenarios: Only 38 percent of the Marsh-Microsoft survey respondents had modeled any cyber risk scenarios. It is crucial to have continuous cyber risk scenario modeling of your balance sheet because the business risk is dynamic.
  3. Understand and quantify the potential losses associated with your cyber risks: What’s the probability of loss across the numerous types and growing volumes of data that you process and store?
  4. Develop or update an existing cyber risk protection plan to mitigate vulnerabilities: Where is the risk? What should you do about it? You can strategically reduce cyber risk by integrating data security strategies and tactics into your business planning process.
  5. Offset additional risks with cyber insurance that fully covers your company: How much coverage do we need? How do you determine that?

Who Should Be Part of This Cyber Risk Protection Planning?

  • Boards of Directors
  • CFOs/CEOs
  • Compliance leadership
  • Finance leadership
  • Legal leadership
  • Operations leadership
  • Presidents
  • Risk Management leadership

The risks are real, but so are the methods for understanding, assessing, and planning how to protect against them. Cyber risk protection analytics work best when it is based on the broadest set of data about attacks and attackers. We must also consider the regulatory, financial, and reputational impacts to businesses around the world. Contact us to learn more at info@cbuscollaboratory.com.