Commentators often claim that we are in the midst of a new industrial revolution. However, if that is the case, the current industrial revolution is fundamentally different to the one that fills the pages of History textbooks. In the 18th/19th century, it was all about tangibles: people making things. Fast forward to the 21st century and intangibles are the name of the game. Change is driven not by our manufacturing ability but by our access to and use of ever-increasing amounts of data.
We now live in a world where Uber, the world’s largest taxi company owns no vehicles, and where Facebook paid $22 billion for a mobile messaging application, WhatsApp, that had generated only $10.2 million in annual revenue but with a growing user base of more than 400 million active users. Data is at the centre of this new world and this is fundamentally changing the nature of modern business. Our increasing reliance on data has opened many doors for modern businesses but also exposes them to new risks. Reputation losses from cyber incidents – when the data we rely on is lost, made inaccessible or compromised – can be significant but can also be mitigated with the right risk management strategy and an understanding of potential exposure.
Cyber Incidents
The term ‘cyber’ means different things to different people, complicating any discussion of cyber risk. However, at its simplest, ‘cyber’ means data and the IT infrastructure that stores and processes it.
Cyber incidents negatively impact business in several ways. Firstly, breaches of cyber security can lead to physical damage. A famous example of this comes from June 2010 when it was discovered that Stuxnet, a 500-kilobyte computer worm, had infected the software of a uranium-enrichment plant and at least 14 other industrial sites in Iran. The worm gained access to the control systems of the fast-spinning centrifuges at the uranium plant causing them to fail at an unprecedented rate. Another example comes from Germany where hackers manipulated and disrupted the control systems of a steel mill so that a blast furnace could not be properly shut down. According to a report by Germany’s Federal Office for Information Security, the hackers gained access to the steel mill through the plant’s business network via a spear-phishing attack and worked their way into production networks to access systems controlling plant equipment – resulting in “massive” damage.
Cyber incidents also include systems failures and software upgrade issues which create an inability to process data. An example of this can be found close to home when, in January this year, a technical glitch with the implementation of a fare increase by Transport for London meant passengers were unable to use their Oyster cards and so barriers were left open at stations around London for about three hours leading to around 100,000 free train and bus journeys and £250,000 in lost fares.
