Today’s senior leaders face a range of complex, interconnected and fast-evolving risks. Few of these are as critical, or as poorly understood, as the risk of cyber-attack.
One of the main challenges is the non-physical nature of the threat. Data is a long way from the traditional property that can be neatly defined and covered by standard business insurance. All too often, the potential for a cyber-attack is regarded as an IT problem rather than an enterprise-wide issue. Yet a serious breach can cause catastrophic harm: it undermines customer trust, provokes regulatory scrutiny, disrupts operations and causes long-term financial damage.
We carried out research with one question in mind: how do today’s leaders ensure that their businesses can anticipate and overcome cyber risk?
We wanted to go beyond the jargon, technical language and media scare stories to outline a practical approach for today’s leaders that would make a cyber-attack a more manageable threat. In particular, we wanted to think about the risk to data, because that is what businesses are ultimately trying to protect from hackers.
“Our view is that effective management of cyber risk is only possible if businesses have a clear picture of the data they have,” says Paul Jacobs, global leader of cybersecurity at Grant Thornton. “That could be their email server data, financial information, customer records, proprietary processes or trade secrets. Only when they fully understand the importance of this data and where it is stored – which is known in some circles as categorisation or classification – can they implement hacker-proof defences where they are needed most.”
To understand the level of business maturity in this area, we surveyed 2,900 senior executives through Grant Thornton’s International Business Report (IBR).1 We also interviewed 12 individuals – from the Grant Thornton network as well as from academia and business – who have expertise in cybersecurity and information management.