Manufacturing is Risky Business

by Chris Talipsky 1. July 2016 09:26
Financial services, healthcare, and retail industry cybersecurity issues have been attracting the most headlines, but these are not the only industries facing significant cybersecurity attacks and breaches. In what may be a surprise to many people, manufacturing was the 2nd most targeted industry in 2015, according to IBM, behind only financial services. Indeed, the more manufacturing processes and infrastructure integrate technology, the more open they become to cyber attacks. And though manufacturing breaches may have flown under the radar for the general public, manufacturers are becoming increasingly aware of the looming cyber threat. In a recent manufacturing risk survey commissioned by BDO, 92% of manufacturers cite cybersecurity concerns, a 44% increase from 2013. According to Shahryar Shaghaghi, National Leader, Technology and Advisory Services at BDO, “all it takes is one weak link in the security chain for hackers to access and corrupt a product feature, an entire supply chain or a critical piece of infrastructure.” This vulnerability is illustrated by another finding of the survey: only 8% of manufacturers felt capable of preventing a breach. As a result, cyber risk management strategies are increasingly focused on response and resiliency, not just on prevention.

Preparedness is Key in Managing Crises

by Ken Urish 14. January 2016 12:35
Not if, but when. That is the approach companies should take toward breach response planning in our current cyber security environment. Risk managers must prepare as though a breach or data security crisis will occur in their company. Looking at past breaches of companies big and small provides perspective on the actions that have worked best for such organizations. There are steps that can be taken that will mitigate damage and manage reputational issues. Before delving into what companies should be doing, it’s important to stress what doesn’t work, and what companies should not be doing. Making the wrong moves, even early, can diminish trust from stakeholders and customers and set in motion further, possibly irreparable mistakes. One of the worst consequences of being unprepared is a lack of certainty about how to handle situations, and firms that aren’t prepared often shoot themselves in the foot through inaction. Part of that inaction is a hesitancy or delay in declaring the issue to stakeholders, clients, customers, etc. But a delay can cause distrust in those people who weren’t informed in a timely manner. Further inaction can cause issues to compound, which makes the situation even more difficult to deal with and to recover from. When any declaration or announcement is made regarding the situation, it should come from an informed place. Misrepresenting the facts or providing false information will only complicate issues further. Additionally, don’t make assumptions about what third parties are or aren’t doing to ameliorate the issue. Take the information you have and do the right things. A well-prepared company will be focused on business continuity, key stakeholders, and data management. In order to keep things moving in the midst of crisis, it’s important that you maintain stakeholders' trust during this time. That is why preparedness is such an issue.
You should be fostering and developing relationships with your stakeholders, so that trust is already present. Even if the trust is there, don’t lose sight of the human element. The stakeholders are people, and their feelings are important to listen to and to consider. Making fast, critical decisions will also instill trust in your abilities and keep things moving. Very importantly, a lot of data related to your business, and any data directly involved in whatever caused the incident, will need to be collected and reviewed by legislators, regulators, and lawyers. Having the necessary data in place keeps the process moving and maintains a level of transparency for everyone involved. It also avoids negative legal and regulatory consequences. Obviously, having the data readily available means having a plan in place to track and monitor important data. As you can see, preparation is the biggest part of what to do versus what not to do. A company that is prepared to deal with a crisis is already ahead of the game, and many missteps that would normally occur are naturally eliminated during a thorough planning process.

The Rising Tide in Risk Management

by Mark Gibbons 30. October 2015 15:59
Based on the results of a survey conducted in September 2015[1] with 150 directors of public company boards, it seems that directors are finally starting to understand their critical role in addressing cyber security. Indeed, cyber attacks are becoming more and more frequent, often targeting high-profile companies and their sensitive data and information. As the attacks become more widespread and damaging, the involvement of the corporate board in mitigating cyber risk has become an imperative. Of the 150 corporate board directors surveyed, 22% reported having experienced a cyber breach within the past two years, a figure that has doubled since 2013 (11%). While those numbers are alarming, the good news is that 69% of corporate directors reported their board being more involved with cyber security than it was in the previous 12 months. Additionally, more than 70% of board members report having increased their company’s investments in cyber security within the last 12 months. 28% have purchased cyber insurance. Though the tide seems to be turning, the survey results indicate that there are many corporate boards and directors that haven’t yet taken key steps to mitigate cyber risk and protect their digital assets. Only 34% of directors reported having conducted a formal assessment of their critical digital assets, while 32% have had an assessment, but have no final strategy in place based on those assessments. Furthermore, although third-party vendors are a critical source of cyber attacks, only 35% of directors have developed cyber risk requirements for their third-party vendors. Has your board performed a risk assessment of its critical assets? Do you have a plan in place to mitigate cyber attacks? Don’t be the 21% without a plan in place.

[1] Survey conducted by Market Measurement on behalf of Urish Popeck’s alliance partner BDO.