trustr for Cyber Hygiene Rewards

Cybercrime is most often publicized when enterprises or individuals are financially exploited. However, these crimes are widening in scope to inflict damage that is both social (exploiting a person’s “likes” and “followers”) and physical (compromising power grids, cars, homes or even medical devices) in nature.

Human Behaviour and Digital Trust

How Unexpected Rewards Can Improve Cybersecurity, Protect Critical Infrastructure And Reduce Costs

By Chris A. Jones, George Runger and Jack Caravelli

Embracing digital transformation at the organizational level creates new and unanticipated risks that can disrupt business and create liability. Cyber risk typically grows much faster than the asset or M&A value of the organization it disrupts. The Internet of Things (IoT) creates persistent risks that companies often do not realize. Corporate information and security teams are now faced with the challenge of thwarting nation-state bad actors who are funded for the purpose of crippling business infrastructure.

Disruptions can include technology failures, extended outages caused by malicious code, supply chain disruptions, and net income loss. The long-term damages may include privacy liability, public relations costs and loss of reputation. There are several notable examples of cyber breaches where human behavior could have prevented significant commercial losses. These include Anthem ($278m in gross impact), The Home Depot ($298m in gross loss), Equifax ($565m in gross impact), Facebook ($500k ICO Fine), Uber ($148.4m in U.S. Attorney General Settlement and French CNIL Fine), the reduced acquisition price of Yahoo! Inc ($350m) plus a Customer Class Action ($117.5m), A.P. Moller – Maersk ($250m in earnings reduction), FedEx ($400m in earnings reduction), Nuance Communications ($68m in sales reduction), Saint-Gobain (EUR220m in sales reduction), Delta’s Data Center Outage ($150m), and the WannaCry malware incident within the UK National Health Service (GBP73m in IT cost plus GBP19m in lost output). Cyber behavior is the most important ingredient in building a cyber resilient organization; it is also the one that is most overlooked.

Cyber behaviour affects every aspect of business liability including property, intellectual property, D&O insurance and reporting, environmental risks, recall, social media extortion and terrorism. Only in the world of cyber can a small human behaviour, such as downloading a phishing email, lead to significant business interruption in a matter of seconds. Added to these costs are breach response expenses, cyber extortion, and class action settlements.

In healthcare, on the “black market,” medical information is worth approximately 6X the value of the corresponding financial information for the same individuals. Accidental (meaning avoidable and behavioural) disclosure is still the top cause of loss for healthcare organizations, and healthcare organizations are the most vulnerable to ransomware, followed by professional services, financial institutions, and retail and educational organizations.