Cyber risk is the possibility that something could happen to the information or IT assets stored in your organization that would hurt your business significantly. The risk is measured at two levels:
- How much something could hurt your business and
- How likely that is.
What does the term “cyber risk” mean in detail?
Typical examples of incidents that can harm companies are:
- Loss of access to critical business or customer information
- Unauthorized disclosure of business or customer information to third parties
- Theft of money or other financial resources carried out by technical means
How likely such a malicious incident is to happen depends on what steps your organization takes to secure and protect data storage and access to IT resources. Since the damage scenarios are abstract and many of the vulnerable values are intangible, cyber risks are often underestimated. That makes the potential of most companies to reduce or better manage these risks through appropriate measures all the greater. For example, raising awareness among employees will help them deal with harmful emails more critically and prevent incidents. And with frequent and regular back-ups, you can return to productive everyday work much more quickly after a server failure due to force majeure.
Where are the cyber risks most likely to be in my daily work?
Many everyday details of your daily work influence the cyber risk of your business. For example, whether:
- Customer data is encrypted or stored freely accessible to all employees
- Outside USB sticks are checked for malware before connecting
- The user accounts of former employees still exist
- All employees and departments work on the same network
- Regular back-ups of all data are made and stored securely
- Employees connect their privately used smartphones to the corporate WLAN
What can I do to protect myself from cyber risks?
- Determine the cyber risks for your business. For example, you can use the Cyber Security Alliance Guide, or you can simply use the Perseus IT Security Check. Based on the results, you will know where action is most needed.
- If you have little time, set priorities. Every action reduces your cyber risk. Identify and tackle the biggest risk factors first. For example, raise the awareness of your employees, update your servers and create back-ups regularly.
- Use reliable sources of information, such as the Federal Office for Information Security (BSI), as a basis for decisions.
- Consider insurance against cyber risks if, for example, production downtime could quickly harm your business.
Log in to Perseus for a free IT security check: www.perseus.com/product/security_view
Guidelines for Conducting Cyber Security Checks in Companies and Authorities of the Cyber Security Alliance of the BSI: www.allianz-fuer-cybersicherheit.de/ACS/DE/_/Publikationen/leitfaden.pdf
Results of a Forsa survey on cyber risks in SMEs, including some recommendations for action: www.gdv.de/resource/blob/32708/d3d1509dbb080d899fbfb7162ae4f9f6/cyberrisiko-