What risks can you really afford to take?
The digital transformation is increasingly changing how, when, where and with what means we work. The desire on the part of customers, suppliers and employees to have fast, simple and consistent access to data and information is just as much a driving force as innovations and new technologies. In no other area have opportunities, but also risks, threats and damage increased as much in recent years as in cyberspace.
According to a study by Allianz Insurance, the fear of a cyber incident is ranked second in the risk barometer of corporate risks in 2019 with 48 % of all companies surveyed, just behind the risk of business interruption (ranked first) with 58 %. Various cyber incidents this year, such as those at Meier Tobler AG, Auto AG Group or the trading company Offix, show that SMEs are increasingly becoming the focus of cyber criminals. With the increasing penetration of digitalisation, a further increase in the number of cyberattacks and rising case costs are to be expected. Experience has shown that the resulting risks fall into three main risk categories.
Technical risk factors
Imagine you are pushing digitalization and automation in your company to the maximum. From the digitalization toolbox, you would bring on board technologies such as blockchain, cloud storage, collaboration services, interactive voice-controlled services and assistants, production robots, digital identities and sensors and integrate them into your company. This list is by no means exhaustive and can be extended at will.
To ensure that the technology used can develop its optimum effect, it is interconnected, and it is supplemented and controlled by intelligent information and communication technologies. Processes are continuously digitalized and automated, not only within the company but all the way through to end-to-end customer and supplier integration.
Modern enterprise software in combination with RPA (Robotic Process Automation) and artificial intelligence (AI) will become the central element of your company's value chain. In its fully digital form, everything is networked. The hardware, software and network technology used no longer sits only within your company perimeter, and all of it interacts.
Legal risk factors
Increasing networking has a very large impact on your data and its protection. You are not only responsible for your own data protection, but increasingly for the protection of your customers' and suppliers' data.
Rules, standards such as ISO 27001/2 and NIST, guidelines, requirements, regulations and the law, such as the General Data Protection Regulation (GDPR, German: DSGVO) or the Federal Data Protection Act (DSG, SR 235.1), form the basis for the need for protection. The fact that you as a company have to provide proof of who had access to which data and when, together with the need to safeguard the data lifecycle, are sometimes the driving forces behind the spread of Identity Governance and Administration (IGA) as well as cyber security and cyber defence solutions on the market.
Human risk factors
The human being as the central link is the biggest risk factor in your company! The increase in efficiency achieved through digitalization will have a strong influence on the tasks, responsibilities and competencies of your employees and will not leave your company organization unscathed. Job profiles will change, as routine tasks in your company will be increasingly digitalized, automated and taken over by the system. This in turn will mean that your employees will have to take on more and more complex and demanding work and that not everyone will be able to keep up with this change.
The biggest cyber security vulnerabilities according to Deloitte's Cyber Security Report
According to Deloitte's "Cyber Security Report", careless handling of data due to negligence, error or malice on the part of employees and the use of mobile devices are the greatest cyber risks and security gaps within a company.
The insight from Dan Ariely's book "Thinking Helps, but Doesn't Help: Why We Always Make Unreasonable Decisions" shows us that we humans make irrational decisions much more often than is generally assumed. This, coupled with the growing complexity of highly interconnected systems that results from digitization, is becoming a toxic cocktail of cyber risks that we should pay attention to!
Our task is to take measures to protect our corporate assets. Assets worth protecting (infrastructure, data, licenses, concepts, patents, customers, employees, suppliers, etc.) can no longer be regarded as isolated individual assets, but are increasingly merging into a large, very complex and no longer separable overall system that requires holistic protection.
Prevention is better than cure! Only through active cyber risk management can you effectively protect your company!
The investments in an effective cyber defense will therefore have to go hand in hand with the increasing degree of digitalization maturity in your company. Otherwise, you run the risk of cybercriminals exploiting gaps in your overall system, making you vulnerable to attack and blackmail.
More and more often, people who have access to sensitive data are spied on, infiltrated and even blackmailed through social engineering. The data and information gained from this often serve as the first step in a cyber attack, in which the attackers try to penetrate your overall system and advance through it step by step via your processes and the technologies used. It often takes months until the attackers get to the core of their interests, and even more often such attacks remain undetected for a very long time or are never detected at all. Systematic, proactive and effective cyber defense is therefore of central importance.
Before you can act, however, you need to know which assets require which protection, which risks you have taken and which you would like to take consciously, or where you would like to insure yourself. It is important to identify and classify risks and to take the appropriate measures. To get started, we offer you a free quick check for your company.