Risk awareness has not improved among organisations. Cyber threats are a fact of life and increasing, but litigation is a more significant issue than regulation. If your organisation is not crisis-prepared and is not risk-aware, it will likely find itself in trouble sooner rather than later.
Back in February 2020, I did a thought leadership video for Huawei, based on a script that I had written early, before everyone was aware of the impending pandemic. It highlighted our societal inability to notice and lessen risk.
Many of its points were directly related to COVID-19 despite not mentioning the health risk.
After I posted it on leap day (29th February 2020), it accumulated about 1 million views within its first week. Its main focus was on the fact that cyber risk for business has overtaken financial risk as the most significant threat to our organisations and society. In the video, I ask if we have a plan in place to handle it.
After the financial crisis, I questioned whether we had learned anything from it or if we were destined to make all the same blunders again.
Failing to value and address health risks is one of the mistakes the entire world did make, and it allowed a pandemic to get out of hand. Had I been talking about health risks rather than cyber security for businesses, the conspiracy theorists around today might start accusing me of knowing about COVID-19 in advance and maybe even being behind it.
We have all lived through a twelve-month case study on health risks and how not to deal with them, yet most organisations remain oblivious to the upcoming cyber risk.
Now, a year or so after the video shoot, I want to take the chance, yet again, to tell communities to wake up to the cyber security risks for businesses. The current SolarWinds incident has shown that nobody is secure from hackers – not even the US military, the NSA or the White House. As I recently discussed with Dez Blanchfield, the difficulties are considerable, but action needs to be taken urgently.
If organisations valued data as both an asset and a liability, and had a better appreciation and understanding of risk, they would be doing a great deal more to make sure that they are prepared for a crisis.
It's not just you; it is human nature that until we sink, we never think of life rafts. But, for a change, we need to think of them today and make sure that the organisation is prepared with its own life RAFT – Risk Awareness, Flexibility, and Trust.
Not only are companies like Facebook being targeted with mass privacy claims, but even organisations with ISO 27001 certification and a cyber security business strategy have had breaches and faced class-action lawsuits. Regulators will need proof that risks had been properly evaluated and that rational processes and defences were in place and had been tested.
As you consider your risk appetite, give thought to how you might defend your decisions and actions in court, as you may need to do so one day. And legal action isn't only being taken against organisations; decision-makers and board members are being held separately liable.
A year on, rewatch the original video and pay closer attention to its warnings. We are all now a year older, but are we any smarter?