The financial industry has long been known for “repackaging risk” – slicing and dicing investments to lessen their aggregate risk. During the 2008 subprime mortgage crisis, the repackaging process eventually reached the point where no one knew the real financial risk, who exactly was exposed to it, and where and how the risk was concentrated.
A similar process, known as “Cyberization,” is happening today for cyber risk. Organizations are unknowingly exposed to cyber risk outside of their own organizations because they have outsourced, interconnected or otherwise exposed themselves to an increasingly complex network of networks. Their cyber risk starts with their internal corporate network and security practices and expands outward to their counterparties and affiliates, their supply chain and outsourcing partners. This blog post from Kivu will help explain what Cyberization is and the aggregate risk that organizations face.
How Leveraging Technology Leads to Increased Cyber Risk
Organizations today are relying more and more on technology to increase efficiencies and lower costs, making it possible to be more profitable while deploying fewer resources. This trend makes global cyberization more likely because the Internet is a tightly coupled system with extensive aggregations, societies and economies. With so much interdependency, any disruption in the system is likely to have a cascading effect.
Cyber risk management often assumes that risk is simply the aggregation of local technology and procedures within an organization. In general, risk managers focus mostly on what is going on inside their own walls. Today’s cyber risk managers need to understand, however, that cyber risk is not self-contained within individual enterprises. They must expand their horizons and look far beyond their boundary walls.
Factors to Consider in Cyber Risk Management
Internal IT Enterprise
Risk associated with an organization’s IT.
Examples: hardware, software, people and processes.
Counterparties & Partners
Risk from dependence on or direct interconnection with outside organizations.
Examples: Partnerships, vendors, associations.
Risk from contractual relationships with external suppliers of service.
Examples: IT and Cloud providers, HR, Legal, Accounting and Consultancy.
Risk to the IT sector and traditional supply chain and logistics functions.
Examples: Exposure to country, counterfeit or tampered products.
Risk from the unseen effects of or disruptions from new technologies – those already existing and those due soon.
Examples: Driverless cars, automated digital appliances, embedded medical devices.
Risk from disruptions to infrastructure relied upon by economies and societies, such as electric, oil or gas infrastructure, financial systems and telecom.
Examples: Internet Infrastructure, Internet governance.
Risk from incidents outside the control of an organization that are likely to have cascading effects.
Examples: International conflicts, malware pandemic, natural disasters.
Kivu is a licensed California private investigations firm, which combines technical and legal expertise to deliver investigative, discovery and forensic solutions worldwide. Author, Elgan Jones, is the Director of Cyber Investigations at Kivu Consulting in Washington DC. For more information about cyber risk management and mitigating the effects of cyberization, please contact Kivu.