The Global Context: Cyber Risks, Reputation and the Real World

Posted On 20 Mar 2018

Cyber security, the EU’s upcoming GDPR, reputational risk and regulation and compliance are among the chief concerns for businesses voiced by some of the UK’s leading risk experts as they look ahead into 2018. In the second instalment of an exclusive series for Risk UK, Nicola Crawford outlines the main points to be considered by today’s practising professionals.

This year will be the one when the world recognises that the majority of assets in the modern economy are intangible and the rapid movement to just-in-time and cloud-based economies creates significant vulnerabilities. More events will revolve around the impacts of cyber attacks on the real world. It will be less about data loss or ransomware attacks and more about the ‘real economy’ (as we saw in 2017 with Merck Pharmaceuticals and Reckitt production operations, including the extended supply chain being impacted).

In other words, the cyber world and the extended supply chain will merge in terms of risk exposures. This will create new challenges for practising risk professionals.

Alexander Larsen CFIRM, president of Baldwin Consulting and IRM trainer for Bitcoin and CryptoCurrencies Bubble, stated: “2018 will be the year that Bitcoin goes mainstream. Having had a meteoric rise in 2017 with an increase of nearly 1,000% in price, Bitcoin has been receiving significant coverage in the media which has brought it to the attentions of the general public. A number of factors are coming together to indicate that 2018 will be the year that big money comes rushing into the cryptocurrency, including the intention of major funds to start investing as well as new platforms being introduced and making it easier to trade for individuals.”

Larsen feels that Bitcoin is already volatile, although a less volatile investment than most cryptocurrencies which are known to swing by as much as 30%-40% per day and on occasions as much as 1,000% in a day. “This new money flooding the market will no doubt drive the price up to new heights,” said Larsen, “which leads me to believe that a major crash and correction will be on the horizon for 2018. Many people will lose a lot of money, although it remains to be seen if Bitcoin will survive or if the bubble will finally have burst.”

Something that’s certainly likely is major regulations being put in place to control the trading of bitcoin, cryptocurrencies and the issuance of new tokens.

Reputational risk

Reputations take years to build and can be destroyed in seconds, as they say. The risk of reputational damage to organisations, Governments and individuals appears to be higher than it has ever been. This is a trend that’s likely to continue.

A reputation is put at risk when some unethical or incompetent behaviour becomes public knowledge. This can be through the actions of an individual or something more systemic at an organisational or Governmental level. The media has been full of recent examples involving organisations (FIFA, IAAF), Governments (Brazil, Angola, and Zimbabwe), companies (VW, Rolls-Royce), industries in general (Hollywood) and individuals.

The damage caused can manifest itself in the shape of lost revenues, increased costs and, in the case of listed companies, reduced shareholder value. Usually, heads roll as well.

Where a company’s reputation is its main asset, damage can result in failure, as was the case with Arthur Andersen.

Heart of the problem

So why is this trend likely to continue? “Well,” said Ray Flynn CMIRM (independent risk consultant and IRM director), “the heart of the problem in each case – complacency and, in the extreme, arrogance – is unlikely to change. The mentality of ‘this will never happen to us’ and ‘we have systems in place to prevent this from happening’ is hard to shake off. Very few have the foresight to address this particular risk until there’s an ‘issue’ that forces them to act. The risk of exposure is also increasing. There’s an element of iconoclasm and bloodletting involved as the gap between the ‘haves’ and ‘have nots’ increases, which supports whistleblowing and places direct pressure on regulatory bodies to act.”

The frequency of prosecutions for bribery, particularly in the UK and the US, but also elsewhere, as well as the level of fines imposed are increasing rapidly. This is another trend that’s highly likely to continue.

“The bad news is that this comes with public battle weariness and shock fatigue,” added Flynn. “Those exposed are likely to suffer less and less damage. The good news is that sound risk management is the best way to protect a reputation including, as advocated in the guidance to the UK Bribery Act, having a fresh pair of eyes to carry out an independent review of systems already in place.”

Alyson Pepperill CFIRM (client projects director for UK Retail at Arthur J Gallagher and chair of the IRM’s Charity Special Interest Group) explained: “Regulation and compliance will continue to be a key theme. There will be continued scrutiny of the charity sector by regulators, whether it be the Charity Commission, the Fundraising Regulator or the Information Commissioner’s Office. In 2017, selected charities were hauled over the coals by all three. We don’t see this pattern changing.”

The European Union’s General Data Protection Regulation (GDPR) has been a key focus of many charities’ efforts to be compliant ahead of the looming May 2018 deadline. This focus will continue up to and beyond the deadline for most.

Linked to the GDPR, and in line with many ‘for profit’ organisations, the broader context of cyber risks and their management remains a struggle for charities. Charities are known as innovators and will try new ways of generating funds that can potentially increase their exposure to cyber risks.

“A more particular sector risk is the need for charities to measure through evidence-based reporting what they do and how successful they are at their delivery,” asserted Pepperill. “The expectations around how this is reported to key stakeholders have been increasing and, for many charities, represents a significant risk. If they fail to be accountable, the funding could then dry up.”

Finally, we still see financial sustainability as a real challenge for many charities reliant on local Government and National Health Service contracts, as well as funding from central Government continuing to be cut back. Volunteering has reduced over the past year and this could place further strain on charities to balance the books. They have to care, respond to their mission with determination and create impact, keep costs down and comply with all manner of regulations.

“The request for support never goes away,” concluded Pepperill, “but charities continue to be squeezed and squeezed. This is likely to result in some charities having to close or perhaps an increase in mergers.”

Shift to renewable energy

A major shift from oil and gas towards renewables is already happening on a global scale. This isn’t only occurring in terms of power generation, it must be said. It’s also occurring in the sphere of transportation.

The EU has already targeted 2035 as being a year in which all new cars sold will be electric. Many individual countries like Scotland have announced more aggressive targets, while several Scandinavian countries are already well on their way towards becoming an electric car-driving nation.

This major shift places significant pressure on oil and gas companies as well as car manufacturers to reconsider their strategies and business models. Companies in the sector will need to evaluate their target markets and offerings carefully, while also thinking seriously about what they want their company to look like in ten-to-20 years’ time.

Oil and gas companies will need to position themselves for developing economies, while also making a decision on how heavily they wish to invest in renewable energies or if there’s any appetite to look at mining materials for batteries. For car manufacturers, there will have to be a blueprint for future development work on electric vehicles. Like the oil and gas companies, they too will need to decide how heavily they wish to be involved.

Decisions made during 2018 could well turn out to be the difference between success and failure in the future.

Nicola Crawford CFIRM is Chair of the Institute of Risk Management

 

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.