According to a survey of nearly 13,000 business leaders entitled "Regional Risks for Doing Business 2019," cyberattacks are the leading risk for business executives in the United States, Canada, and Europe. Cyberattacks are the second biggest risk for executives across the world.
The survey asked leaders to select "the five global risks that you believe to be of most concern for doing business in your country within the next 10 years" from a list of 30 options.
Cyberattacks also came in second on the survey's list of the top 10 business risks of highest concern globally, with "data fraud or theft" coming in seventh.
The top five business risks in the U.S., according to the survey, are: 1. cyberattacks; 2. data fraud or theft; 3. terrorist attacks; 4. critical information infrastructure breakdown; and 5. failure of critical infrastructure.
The survey was published by the World Economic Forum. Emilio Granados-Franco, head of Global Risks and Geopolitical Agenda at the World Economic Forum, said, "…cyber-threats remain a major risk due to their rapid evolution and increasingly disruptive potential." L.S. Howard "Cyber-Attacks Named as Top Business Risk in U.S., Canada and Europe, by WEF Survey" insurancejournal.com (Oct. 01, 2019).
The first step that any organization should take to address the risk of cyberattacks and data theft is to conduct a cybersecurity risk assessment. This assessment will help you understand where you are vulnerable and in what areas of cybersecurity you need to improve to stay protected.
A customized risk assessment is essential because your needs will depend on your business activities and areas of exposure.
If your internal information technology team is not equipped to conduct a cybersecurity risk assessment, hire a skilled third-party cybersecurity consultant to do so. Your assessment must include a plan of action that identifies areas where your employees need training, how to keep employee email platforms secure, and how to protect your organization's information and data.
The U.S. government provides several tools to help businesses conduct a cybersecurity risk assessment. These tools can be helpful in the short term to shore up any immediate gaps while you wait for the results of a more in-depth assessment. They should not replace a full cybersecurity risk assessment conducted by your IT team or a skilled consultant. However, if your organization does not have the means to conduct an assessment in the near future, these tools could serve as a stopgap until you are able to do so.
The Federal Trade Commission's Cyberplanner can help small businesses create customized cybersecurity plans. The Cyberplanner can be found online at https://www.fcc.gov/cyberplanner.
The U.S. Department of Homeland Security's Cyber Resilience Review evaluates your organization's "operational resilience and cybersecurity practices." Organizations may hire DHS cybersecurity professionals to conduct an on-site assessment. Learn more at https://www.us-cert.gov/resources/assessments.
Finally, Homeland Security provides other assessment tools that can be performed either in-house or by DHS cybersecurity professionals, including Cyber Hygiene: Vulnerability Scanning; Phishing Campaign Assessment (PCA); Risk and Vulnerability Assessment (RVA); and Validated Architecture Design Review (VADR). Read more about each of these types of assessments at https://www.us-cert.gov/resources/ncats.