A lot goes into calculating the fallout from cyberattacks. For companies, it includes damage to their brand, alerting customers, handling legal fees – all that aside from the cost of stolen data or money. A recent study goes a step further, though, and calculates the total cost to the world economy.
The result: By 2020, cyberattacks could cost the world economy as much as $3 trillion – that’s with a “t.”
The study by McKinsey and Company found that two-thirds of companies see the cost of cyberattacks as a significant issue.
There’s nothing terribly surprising about this: Even most companies slow to react to online threats realize they can be devastating. But the scope and reach of this study (conducted with the World Economic Forum) do go beyond most of its kind.
According to the report, here are seven best practices your organization may want to adopt or refine:
- Prioritize information assets based on business risks. In order to protect your organization, you need to identify which assets would be most harmful if they fell into the wrong hands. This requires a careful examination of risk.
- Provide differentiated protection based on importance of assets. Cybersecurity isn’t a problem you can make go away just by throwing money at it. Not all threats are equal, and some aspects of the business need more protection than others. It’s increasingly falling on IT to identify and protect these high-value assets.
- Deeply integrate security into the technology environment to drive scalability. Securing systems and services needs to be built in from the very beginning instead of being tacked on to apps and systems.
- Deploy active defenses to uncover attacks. Cyberattacks are masked well these days. Finding threats before they’ve done damage is key.
- Test continuously to improve incident response. Incident response needs to be burned into your organization. Make sure everyone from IT, to your public relations, to customer service knows how they would react in the case of a data breach or other cyber incident.
- Enlist frontline personnel to help them understand the value of information assets. End users and managers should understand the risks to your systems. Doing so might make them think twice about clicking on that link or revealing potentially sensitive info.
- Integrate cyberresistance into enterprise-wide risk-management and governance processes. Make sure cyber threats are considered just as any other business continuity threat would be. They should be planned for and addressed in your organization’s risk profile.
To access the full report, download the PDF from this link.