Key takeaways from Aon’s 2018 Cybersecurity Predictions report.
The big idea
Companies’ increasing reliance on technology, regulators’ focus on protecting consumer data, and the value of non-physical assets are causing a convergence of cyber exposures that will require security to be integrated into both business culture and risk management frameworks.
Today’s silo-driven approach to cyber risk management will begin to disintegrate in 2018, in favor of a coordinated, C-suite-driven approach as leading companies begin to view the impact of cyber risk holistically across all functions of the enterprise.
A few bold predictions for 2018
Businesses adopt standalone cyber insurance policies as boards and executives wake up to cyber liability.
- The insurance industry will develop new cyber policies
- Insurers will restrict “silent” cyber coverage in existing policies
- Insurers and reinsurers will push for better quantification / modeling to understand correlation and aggregations
As the physical and cyber worlds collide, chief risk officers take center stage to manage cyber as an enterprise risk.
- The role of the CRO will be redefined - CROs will work with CISOs and executives to understand enterprise risk from cyber
- This will make the CRO one of the CEO’s most valuable assets
- CROs will provide a meaningful risk story for the board and executives, leading to better investment in cybersecurity measures
Criminals look to attack businesses embracing the IoT, in particular targeting a small to mid-sized company providing services to a global organization.
- We will see an attack on an SMB due to poor IoT security that will impact the network of a large organization, causing exponentially more damage
- Large organizations will be more diligent in vetting vendor IoT security
- SMBs will need to improve cybersecurity measures to win work from large companies
Criminals will target transactions that use points as currency, spurring mainstream adoption of bug bounty programs.
- Bug bounty programs will expand to the wider airline industry, and retail and hospitality sectors, to protect points used as currency
- Will require external experts to build effective bug bounty programs