Cyber Incidents as the Biggest Business Risk – What Prevention Should Look Like

Author: Philippe Vetterli
Published: 07. June 2023

The unwelcome trend continues – with no improvement in sight: cyber incidents and business interruptions remain some of the biggest business risks worldwide. This fear is “well-founded”. Last year, 60 % of companies worldwide were affected by a cyber attack, rising to almost two thirds of Swiss companies. In this article, you will learn what the most common types of damage are, what they cost on average, what effective prevention should look like and how you can protect your company from cyber attacks. 

A range of studies do not bode well: risk-management experts, including CEOs, risk managers or insurance experts, currently see companies being at the greatest risk from cyber incidents. For example, ransomware attacks, IT outages or data breaches are repeatedly ranked as the most important risk – globally. But what does that mean for Switzerland in concrete terms? 

Switzerland as a popular target for cyber attacks

According to the latest Cisco Cybersecurity Readiness Index 2023, 61 % of all Swiss companies were affected by a cyber security incident last year. According to the study, the most frequently cited loss events were: 

  • Malware (67 %)
  • Phishing (57 %)
  • DDoS attacks (41 %)

60 % of companies worldwide were affected, an almost identical figure. What is more striking, however, is the amount of damage, where the discrepancy is greater.

Average amount of damage caused by cyber attacks

While a cyber incident last year cost affected companies around the world an average of more than $ 300,000, the average cost for a company in Switzerland was more than $ 500,000. No prizes for guessing where the attackers know they can get more money.

Only one in 10 companies is sufficiently protected

Many experts do not expect any improvement in the future, either. In Switzerland, for example, around 80 % of respondents expect their businesses to be affected by cybercrime in the next one to two years. This is one of the reasons why companies want to increase their budgets for cyber security and cyber defence by an average of 10 % this year. According to the study, only one in 10 companies is currently sufficiently protected.

Cyber defence: prevention is key

But why are companies inadequately protected today, with the threat situation being so acute and cybercrime forming one of the biggest threats of our time? This is due to the complexity of the matter as well as advancing processes of digitalisation and networking along with other, much more mundane aspects. Many companies are simply inadequately prepared for a security incident and its consequences. Our experts have identified the biggest challenges – which are daunting, to say the least:

  • No preparation for emergency operation
  • Lack of or inadequate preparation for a cyber attack – both on the management and IT side
  • Existing plans have not been sufficiently tested
  • IT has no proxy and cannot fully focus on overcoming a cyber attack

So, the key question is: what is the best way to prepare for a security incident? With our incident response plan, we have developed an approach for our customers that provides answers to precisely this question and has proven itself in practice.

Professional preparation for a cyber attack

The first step requires an individual emergency process tailored to your company. It is further necessary to establish crisis organisations as well as processes for handling, recovering from and managing cyber incidents. Finally, a continuous optimisation process is required with the aim of successfully preventing future incidents. Practice clearly shows that professional preparation for a security incident can be crucial. Careful elaboration of the following process steps will allow you and your management to sleep soundly – knowing that you have taken the necessary precautions and are well prepared for any incident that may occur:

  • Emergency operation
  • Crisis management
  • Handling
  • IT recovery
  • Continuous improvement process

The goal of this elaboration process is to give you a complete set of professional documentation in the form of a concrete Incident Response Plan for your company that provides a blueprint of how to proceed in case of a possible cyber incident. Our experienced cyber security consultants enable you to carry out the final steps in this process independently.

Better safe than sorry: incident response retainer

So far, so good. But precisely because a cyber attack can hit your company at any time – the question is now no longer if, but when it will happen – it is essential that you have the active support of an experienced and competent partner at your side in addition to professional preparation including documented (emergency) processes. If necessary, your company needs immediate access to (external) specialists. In addition to technical hurdles, it is ultimately also necessary to inform customers, business partners and not least your employees, and possibly also the public. You gain valuable time if you can rely on your proven partner – and do not have to evaluate a suitable partner and hammer out the contractual details for support in dealing with a cyber attack. An incident response retainer gives you peace of mind. This service is aimed at companies and is the optimal solution when it comes to acting quickly, efficiently and effectively.

Conclusion

Professional preparation including a documented and rehearsed emergency process as well as the (early) evaluation by a competent cyber security partner on your side can be decisive factors in successfully handling a cyber attack in case of emergency. Once you have done this homework, you can look to the future with more confidence, despite the gloomy predictions of your industry peers according to the Cisco Cybersecurity Readiness Index 2023.