Top 5 cyber risks and how they've changed in the pandemic
- 17 September 2020
Recent ORX study shows that top cyber and information security risks are consistent across the industry
As the coronavirus (Covid-19) pandemic hit the globe, financial organisations found their operating environments and risk profiles changing drastically. To help operational risk practitioners understand the impact of the pandemic on their organisations' risk profiles, we ran the Covid Risk Review, which provided a picture of the current risk landscape and explored how things had changed. Information security risk, including cyber, came out as the second most significant risk in the study.
We followed the Covid Risk Review with a short study focused solely on cyber and information security risk. This survey involved cyber and information security risk experts from 55 of our member firms and asked them for their personal observations and insights. Independent of their role, seniority or sector, our participants largely reported the same level 2 risks (aligned to the ORX Reference Taxonomy level 2 risks) within their top 5. Here's what they told us were the top risks on their agendas right now.
Top 5 level 2 cyber & information security risks
1. Cyber risk events
Unsurprisingly, cyber risk events worried our participants the most. Since the start of the pandemic there have been widespread reports of cyber attacks across a range of industries. The key concerns our participants reported included:
- More frequent and sophisticated attacks leading to a potential increase in success rates
- Relaxed or adapted controls to enable remote working
- Actors exploiting fears and concerns associated with the pandemic
2. Data privacy breach/confidentiality mismanagement
Potential failings in data privacy and confidentiality were the next highest risk on our respondents' agendas. The chances of breaches and mismanagement have increased during the pandemic due to the reduced monitoring and oversight of employees and systems.
On top of this, many organisations have seen rapid changes made to products and services, sometimes without the necessary implementation or adaptation of associated controls. The impact of coronavirus on third parties can also mean that there is a higher chance of their controls failing, resulting in data breaches.
3. Data loss
The pandemic has forced financial firms to change the way that they are operating and how their staff work. The move to remote working is one of the key drivers behind the level 2 risks reported in this study. It not only reduces monitoring and creates difficulties for controls, but it also increases the chance of information being physically lost. In addition to this, our participants were concerned that systems and applications may not be implemented properly and could therefore result in data losses.
4. Improper access to data
Again, this risk is driven by changes to working methods and people (read more about the importance of people in this blog on lessons operational risk can learn from coronavirus). The main issues identified by our experts were changed access patterns due to remote working, adapted controls creating access loopholes or workarounds and employees being granted new access rights to fill staffing gaps.
5. Unavailability of data
The final level 2 risk that made our participants' top 5 is the unavailability of data. This risk is increased by the disruption caused by rapidly implemented changes to applications and by the instability of these applications, connections and systems. It is further compounded by the interdependency of many of these systems.