Feature: While cyber risk is inevitable, resilience is a choice
Russ Kirby, Assistant Vice President, Senior Account Manager of FM Global, on how businesses can reduce the damage that cyber-attacks can cause.
Over the last twelve months, cyber threat has become a primary concern for decision makers at multinational organisations.
In January 2018, the World Economic Forum’s Global Risk Report reinforced this concern, ranking cyber-risk as the third most likely risk that businesses will face this year. Clearly, the C-suite’s concern is justified – but why is the threat of cyber of increasing? And what can businesses do to mitigate the risk of an attack occurring, as well as reducing the damage, should an attack occur?
Why is the threat from cyber-attacks increasing?
Cyber-threat faced by businesses is increasing for many different reasons. One is simply that there are more internet-connected devices than ever before. In 2017, there were approximately 8.4 billion devices connected to the Internet of Things (IoT). This is expected to rise to approximately 20.4 billion by 2020. With more IoT enabled devices being used by businesses and employees in the Industrial internet of Things (IIoT), the risk of hostile cyber attacks increases proportionally.
- Business Chief, Europe edition - April issue OUT NOW!
- Top 10 biggest companies in Europe by revenue
- Nokia, Telia and Intel conduct groundbreaking 5G trial in Oulu, Finland
The increasing use of internet-enabled devices by both businesses and consumers unfortunately represents a major security risk. Many of these devices are built without adequate security features installed, often relying on factory-set passwords to provide protection. Additionally, many of these devices, such as industrial control systems, can be difficult to update with new security features, exposing those devices to hostile attack.
The scale of cyber-attacks and the potential for major damage is also increasing at a rapid pace. Distributed denial of service attacks (DDoS), were once considered a rarity, but in 2016 nearly 3 trillion hostile attacks were observed on a monthly basis. According to the Global Risks Report in 2017, attackers have also become more persistent, targeting each DDoS target on average 32 times over a three month period.
Given this increase in cyber-threat, businesses and the C-Suite should be aware that the scale of attacks they will likely face in 2018 and beyond will increase. However, all is not lost, there are measures that can be taken to minimise the impact of a cyber-attack and enhance resilience.
How can businesses enhance resilience against cyber-attacks?
Primarily, the C-suite must ensure that a culture of resilience is instituted throughout the business. Resilience is a choice, a choice that can protect both bottom-line and reputation. To improve resilience against the threat of cyber-attacks, businesses need to assess their critical data assets and ensure that steps are taken to improve human behaviour in relation to cyber-threats, technological security systems, physical security, as well as improving cyber-security across supply chains.
To build cyber resilience, businesses should:
• Engage and coordinate across all areas of the business from C-suite to IT to operational functions. Cyber risk it not just an IT issue.
• Improve employee training to make personnel aware of various types of cyber-attacks, how they operate, and steps to ensure that an employee does not unwittingly initiate a cyber-attack.
• Ensure that adequate security procedures are in place to stop external individuals from gaining access to sensitive areas. Only personnel with a specific clearance should have access to server and network rooms, and all externally-contracted staff should only be permitted access following sufficient background checks.
• Computer systems should always be updated with the newest patches provided by the software companies. The WannaCry attack, which affected 300,000 computers across 150 countries, illustrated that a failure to keep computer systems up-to-date can cause major disruption. Hostile attackers can cause major damage or hold systems to ransom for financial gain.
• Data held by third parties should be restricted. Businesses could be vulnerable if a third party suffered a data breach and sensitive information was lost, such as passwords. This should coincide with employee training that advocates various passwords being used by employees, minimising the risk of a damaging attack.
• Finally, the C-Suite should also seek to impress upon key suppliers the importance of cyber-security and risk mitigation improvements. Ideally, alternative suppliers should be on standby that can begin operating as needed.
What should businesses do to ensure that recovery occurs quickly following a cyber-attack?
When a cyber-attack does occur, businesses must be able to recover as soon as possible. A culture of resilience will be a major benefit in the recovery process, although the C-Suite should also look to take additional steps to improve this process.
These steps should include:
• The creation of detailed Business Continuity Plans, which can be implemented as soon as a cyber-attack occurs. This should detail priority areas and how employees should respond, who should be responsible for various actions, as well as how various external stakeholders should be contacted.
o Working with an experienced communications team can mitigate the reputational damage suffered when a cyber-attack occurs, and can assist with reputation recovery in the adverse environment created by the attack.
• Cyber-security and IT experts should be available as soon as possible, to begin assessing the damage caused by a cyber-attack, and to ensure that intruders are removed from compromised systems swiftly.
Finally, businesses should partner with an insurer that has a clear understanding of the issues created and the damage that can be caused by a cyber-attack. Preferably, the insurer and the insured should be working towards a long term partnership and a mutual understanding of the insured’s business, its cyber risks, and policy coverage. This will ensure that claims can be paid as swiftly as possible, providing the insured with the necessary capital to continue operating during a loss event.
In 2018, resilience is one of the greatest assets that a business can have. At FM Global, we believe that resilient businesses are successful ones. Whilst cyber-attacks are evolving quickly and can cause major damage to businesses, building resilience into your organisation will allow it to recover quickly, which will minimise disruption in the long term.
Automation of repetitive tasks leads to higher value work
Two-thirds of global office workers feel they are constantly doing the same tasks over and over again. That’s according to a new study (2021 Office Worker Survey) from automation software company UiPath.
Whether emailing, inputting data, or scheduling calls and meetings, the majority of those surveyed said they waste on average four and a half hours a week on time-consuming tasks that they think could be automated.
Not only is the undertaking of such repetitious and mundane tasks a waste of time for employees, and therefore for businesses, but it can also have a negative impact on employees’ motivation and productivity. And the research backs this up with more than half (58%) of those surveyed saying that undertaking such repetitive tasks doesn’t allow them to be as creative as they’d like to be.
“When repetitive, unrewarding tasks are handled by people, it takes time and this can cause delays and reduce both employee and customer satisfaction,” Gavin Mee, Managing Director of UiPath Northern Europe tells Business Chief. “Repetitive tasks can also be tedious, which often leads to stress and an increased likelihood to leave a job.”
And these tasks exist at all levels within an organisation, right up to executive level, where there are “small daily tasks that can be automated, such as scheduling, logging onto systems and creating reports”, adds Mee.
Automation can free employees to focus on higher value work
By automating some or all of these repetitive tasks, employees at whatever level of the organisation are freed up to focus on meaningful work that is creative, collaborative and strategic, something that will not only help them feel more engaged, but also benefit the organisation.
“Automation can free people to do more engaging, rewarding and higher value work,” says Mee, highlighting that 68% of global workers believe automation will make them more productive and 60% of executives agree that automation will enable people to focus on more strategic work. “Importantly, 57% of executives also say that automation increases employee engagement, all important factors to achieving business objectives.”
These aren’t the only benefits, however. One of the problems with employees doing some of these repetitive tasks manually is that “people are fallible and make mistakes”, says Mee, whereas automation boosts accuracy and reduces manual errors by 57%, according to Forrester Research. Compliance is also improved, according to 92% of global organisations.
Repetitive tasks that can be automated
Any repetitive process can be automated, Mee explains, from paying invoices to dealing with enquiries, or authorising documents and managing insurance claims. “The process will vary from business to business, but office workers have identified and created software robots to assist with thousands of common tasks they want automated.”
These include inputting data or creating data sets, a time-consuming task that 59% of those surveyed globally said was the task they would most like to automate, with scheduling of calls and meetings (57%) and sending template or reminder emails (60%) also top of the automation list. Far fewer believed, however, that tasks such as liaising with their team or customers could be automated, illustrating the higher value of such tasks.
“By employing software robots to undertake such tasks, they can be handled much more quickly,” adds Mee pointing to OTP Bank Romania, which during the pandemic used an automation to process requests to postpone bank loan instalments. “This reduced the processing time of a single request from 10 minutes to 20 seconds, allowing the bank to cope with a 125% increase in the number of calls received by call centre agents.”
Mee says: “Automation accelerates digital transformation, according to 63% of global executives. It also drives major cost savings and improves business metrics, and because software robots can ramp-up quickly to meet spikes in demand, it improves resilience.
Five business areas that can be automated
Mee outlines five business areas where automation can really make a difference.
- Contact centres Whether a customer seeks help online, in-store or with an agent, the entire customer service journey can be automated – from initial interaction to reaching a satisfying outcome
- Finance and accounting Automation enables firms to manage tasks such as invoice processing, ensuring accuracy and preventing mistakes
- Human resources Automations can be used across the HR team to manage things like payroll, assessing job candidates, and on-boarding
- IT IT teams are often swamped in daily activity like on-boarding or off-boarding employees. Deploying virtual machines, provisioning, configuring, and maintaining infrastructure. These tasks are ideal for automation
- Legal There are many important administrative tasks undertaken by legal teams that can be automated. Often, legal professionals are creating their own robots to help them manage this work. In legal and compliance processes, that means attorneys and paralegals can respond more quickly to increasing demands from clients and internal stakeholders. Robots don’t store data, and the data they use is encrypted in transit and at rest, which improves risk profiling and compliance.
“To embark on an automation journey, organisations need to create a Centre of Excellence in which technical expertise is fostered,” explains Mee. “This group of experts can begin automating processes quickly to show return on investment and gain buy-in. This effort leads to greater interest from within the organisation, which often kick-starts a strategic focus on embedding automation.”