By MacDonnell Ulsch
Cyber-breaches are an everyday event in the 21st century, and every organization that has computers, tablets, and smartphones is vulnerable to having its information compromised.
The obvious goal is to prevent breaches, whether deliberate or accidental. Of course, that’s not always possible. In those situations, the goal is to reduce the risk impact of the breach. Reducing impact is always possible.
In every information compromise—regardless of motive and intent, and whether the breach originates inside or outside the enterprise—there are five risks that every organization faces:
· Legal Risk: when criminal prosecution or civil litigation is a potential outcome;
· Financial Risk: when the targeted company incurs foreseeable or unexpected costs relating to the compromise;
· Regulatory Risk: when governments take action against a company that didn’t comply with statutory mandates;
· Reputation Risk: when the brand’s value is at risk because of the breach; and
· Cascading Risk: when two or more of the preceding risks occur simultaneously.
Risk Impact. Legal, financial, regulatory, reputation and cascading risks have negative effects on an organization. The impact range is determined by many variables, but the impact is measurable and calculable through the examination of traditional business metrics.
These metrics include—but are not limited to—loss of revenue, loss of corporate valuation, customer drift, diminished market share, loss of market authority, loss of trust, loss of key business partners, degree of regulatory scrutiny, impairment of corporate governance requirements and so on. The list is long and often unforgiving.
Kept in Confidence. ZeroPoint Risk Research is inviting readers to submit questions (in confidence) regarding the prevention of a breach or reducing the risk impact of a breach. No personal or corporate identity will ever be disclosed, and each question will be handled with the utmost security. The questions should relate to the legal, financial, regulatory, reputation and cascading risks associated with an information compromise or the prevention of one.
How It Works. Simply submit your question to me at [email protected], and include as much background information as you deem appropriate. We’ll do our best to respond as quickly and accurately as possible. There may be cases that are similar, and, in those instances, we may aggregate the questions and respond accordingly. If you are querying us regarding an active breach event, mark your question “URGENT.”
Why We’re Doing This. Awareness is the key to mitigating risk and reducing its impact. While every question is treated with the utmost confidentiality—with no identity ever revealed—our answers will be posted to the entire community of interest. We believe this approach will increase risk awareness and encourage mitigating action. As we say, “Think post-breach, act pre-breach.”
Our ZeroPoint Risk analyst and advisory team looks forward to helping you reduce your risk of cyber-breaches and their impact on your organization.
MacDonnell Ulsch is the CEO and chief analyst of ZeroPoint Risk Research LLC in Boston. He is the author of the book THREAT! Managing Risk in a Hostile World and is working on a new book on cyber-threats and the U.S. national interest. He may be reached at [email protected].