Cybersecurity threats are becoming increasingly frequent and sophisticated: the WannaCry and NotPetya ransomware attacks alone were responsible for over a billion dollars of losses in 2017. For treasurers, it’s important to prepare and plan for when, not if, the next cyber attack happens.
Traditionally, cybersecurity has taken a three-layered approach – protect (in order to prevent access), detect (using technological tools and specialists to identify problems as early as possible), and respond. The third of these components – the response process – often receives less attention than protection and detection. However, having a robust and well thought-out response process is critical should a company face a cyber attack and need to respond rapidly and appropriately.
Managing cyber-related risks can be daunting given the technological jargon involved. However, conventional risk management principles can largely be applied. Just as every office has water sprinklers to prevent fire damage but still practices fire drills, so all companies need to consider what will happen if their protection fails. To develop a strategic contingency plan, corporates need to consider best practices that cover planning, testing and recovery.
To read the full cybersecurity report, head to Citi.com
You can also listen to our recent Cybersecurity podcast where we speak to people in charge of organising cyber defence at some of the world’s biggest corporations, and the ex-hackers they are paying to break into their systems.