Build resiliency to guard against cyber risks: FM Global

Establishing a thorough cyber resiliency plan is the most effective way to guard against rising cyber risks, according to executives at FM Global.

Pankaj Thareja, a cyber consultant at the insurer, and Kristian Walsh, a senior account engineer, said organisations should focus on resilience and improving their internal processes.

Thareja said “day-to-day management of internal processes is more important than insurance” when it comes to protecting against cyber risks. “If you can reduce the exposure itself, you can easily prevent losses and minimise risk transfer costs,” Thareja said at the RIMS Australasia 2020 Virtual Summit. “Building a resilient business is the most cost-effective method for defending against severe losses,” Thareja added. He said cyber resiliency plans should be arranged “before an attack, and not after”.

Thareja warned organisations against “complacency”. He said robust resiliency plans minimised the chances of a successful attack, and allowed affected businesses to recover more quickly.

Walsh said businesses could “prevent themselves from becoming victims” by taking a 360-degree, holistic approach to cyber risk assessment.

Organisations should focus on physical security, such as data servers, access to hardware, and CCTV in critical business areas, as well as information security and industrial control systems. “Security programmes must be well-governed with top-level support,” Walsh said.

Thareja said humans were the “weakest element” of a cyber resilience system, and vulnerable to “individual mistakes” that could expose companies to devastating phishing attacks. The annual cost of cyber attacks is expected to hit $6 trillion in 2021.

He said hackers targeted computer systems and manufacturing facilities, leading to significant damage, loss of client confidence, business interruption, and loss of market share.

Thareja said cyber attacks could be more damaging than physical events like fires. “A fire can destroy a physical location. But cyber is boundary-less,” he added.