{"id":90514,"date":"2020-01-29T09:00:52","date_gmt":"2020-01-29T17:00:52","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=90514"},"modified":"2023-09-26T08:38:21","modified_gmt":"2023-09-26T15:38:21","slug":"cyber-risk-assessments-the-vaccine-for-companies-in-the-fourth-industrial-revolution","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/01\/29\/cyber-risk-assessments-the-vaccine-for-companies-in-the-fourth-industrial-revolution\/","title":{"rendered":"Cyber-risk assessments\u2014the solution for companies in the Fourth Industrial Revolution"},"content":{"rendered":"
Technology continues to play a critical role in shaping the global risks landscape for individuals, governments, and businesses. According to the World Economic Forum’s Global Risks Report 2020, cyberattacks are ranked as the second risk of greatest concern for business globally over the next 10 years. Cyberattacks on critical infrastructure\u2014rated the fifth top risk in 2020 by the expert network\u2014have become the new normal across sectors such as energy, healthcare, and transportation. This confirms a pattern recorded in previous years, with cyber risks consolidating their position alongside environmental risks in the high-impact, high-likelihood quadrant of the report\u2019s Global Risks Landscape.<\/p>\n The cyberattack surface (the totality of all information system and internet exposure) is growing at a rapid pace. In parallel, inherently borderless cybercrime is impacting victims around the globe, while the authority of law enforcement is often constrained by jurisdiction and by the limitations of the legal processes used to request information beyond national borders. Moreover, cybercrime-as-a-service is a growing business model, as the increasing sophistication of tools on the Darknet makes malicious services more affordable and easily accessible for anyone.<\/p>\n In this context, a cyber-risk assessment is crucial to any organization\u2019s risk management strategy. A cyber-risk assessment provides an informed overview of an organization\u2019s cybersecurity posture and provides data for cybersecurity-related decisions. A well-managed assessment process prevents costly wastes of time, effort, and resources and enables informed decision-making.<\/p>\n Many jurisdictional instruments, including the European Union General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018 in the United Kingdom, require risk assessments to be conducted. 
Any organization with a digital footprint should understand its cyber preparedness to ensure that the leadership does not underestimate or overlook risks that could cause significant damage.<\/p>\n Yet today, cybersecurity awareness is largely insufficient, and there is no standard approach among investors and corporate leadership for evaluating the cybersecurity preparedness of their own company or of their portfolio of companies. A cybersecurity-focused culture, based on cyber expertise and awareness, is vital to prioritizing cybersecurity in the investment process.<\/p>\n Including cybersecurity risk assessment in the investment and decision-making process is a rather new approach. The World Economic Forum, along with leaders and cybersecurity experts in the investment industry, has developed a due care standard to guide investor responsibility in terms of cybersecurity. Tailored to investors\u2019 needs and principle-based, it aims to influence behavioral change rather than merely prescribe specific action to be taken.<\/p>\nCybersecurity-focused<\/h3>\n