There are likely to be three main areas of growth in cyber security in the next decade: cyber risk, cyber insurance and Internet of Things (IoT) security.
It is incumbent on boards to protect the company’s assets, and cyber risk must be understood in monetary terms to communicate it to the board in a language easily understood. This will enable the board to implement a coherent, robust cyber security strategy.
The cyber insurance market is embryonic, and businesses need to understand the level of insurance required. To do this it is vital to evaluate cyber risk. It is easy to underestimate, and therefore under insure, the financial impact of a cyber-attack. Insurance companies are increasingly recognising the need to differentiate themselves and price policies on the actual risk of the insured. Measuring cyber risk requires understanding how business assets are impacted by a cyber-attack. Risk metrics determine how much insurance is actually required by a business.
t is anticipated that by 2020 there will be over 50 billion IoT devices. Recent IoT centred DDoS attacks have caused recent outages for many websites including Twitter, Amazon and Tumblr.
Ultimately, organisations must be proactive in relation to cyber security, factoring security into developments up front rather than reacting to incidents. Cyber risk evaluation is key; cyber insurance provides an extra level of protection, although the risk of inadequate coverage is ever present, and IoT security must be considered to avoid serious repercussions.