April 16, 2014
Beyond Data Breaches: Global Interconnections of Cyber Risk
Read the report
"Governments and organizations need to take a holistic view and look beyond the issue of data breaches to the danger of global shocks instigated and magnified by the interconnected nature of the Internet," Frederick Kempe, president and CEO of the Atlantic Council, said underlining the relevance of the report. Kempe noted that current approaches to cybersecurity are limited in that risk managers treat cyber risks in an insular and narrow fashion while neglecting evidence of wider systemic risks. Michael Kerner, CEO of General Insurance at Zurich Insurance Group stressed that organizations must look at interconnected risks that exist beyond internal safeguards which concentrate among counterparties and external sources like customers, vendors, outsourced contractors, or parts of the supply chain.
Overall, the Internet has been resilient because of a combination of stable technology, dedicated technicians, and proven resistance to random outages. So far, the effects of cyber incidents have been either widespread but fleeting, or persistent but narrowly focused. No attacks thus far have resulted in both widespread and persistent disruption.
"The extended period of stability and prosperity we have seen from the Internet is likely to change in the future. More shocks will be initiated or amplified through the Internet," said Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council's Brent Scowcroft Center on International Security and the primary author of the report. As society becomes increasingly coupled with the real economy and society, Internet failures are more likely to have real–and increasingly precarious–consequences, going beyond effecting things made of ones and zeros.
Steven D. Crocker, one of the creators of the Internet claimed that "although knowledge of the basic technology of the Internet has improved, the possible aggregation of risks and the unforeseen coupling of risks may cause the most serious consequences." The report recommends that understanding of collective risks need to be much more comprehensive and expansive within governments and companies, and that risk managers seeing far beyond their internal IT enterprises have to better grasp their vulnerabilities. Accordingly, Dan Riordan, CEO Zurich Global Corporate North America underscored that "comprehensive understanding of cyber risks is the prerequisite to their management. In this regard, emphasizing cybersecurity, beyond risk managers to C-suite is a notable positive evolution in tackling the current challenges."
Catherine Mulligan, senior vice president of Zurich North America added that creating a culture of awareness of risks within an organization is another way of strengthening the preparedness of an organization for future cyber shocks. Because too much risk faced by companies will be external, complex, and interdependent, the main hope for companies is resilience, the ability to bounce back from disruptions or to make them as short and limited as possible.