2 minute read
Risks of the Digital Economy
The exposure to cyber risks is growing most rapidly in the transformation of the retail and commerce space, where disruptive new online business models are challenging traditional business processes. Cyber risk for all businesses is changing rapidly due to explosive growth in digital attack surfaces as companies are taking advantage of digital efficiencies on consumer habits. The number of devices being operated by businesses, and number of commercial endpoints being connected to the internet are growing at rates of around 12% annually; new active websites are increasing at over 26% per year, and the volume of web traffic to commercial websites is typically seeing doubledigit annual growth in many sectors.24
There is an increasing propensity for cyber-induced business interruption as companies are increasingly digitizing their supply chains. Services and assets that were once held in-house are transitioning to digitally outsourced vendors. Particularly for consumer-facing companies, physical and online financial payment systems are often provided by third-party vendors. Even the most secure organisation is vulnerable to attacks through its digital supply chain – third party vendors may compromise a large company in the process of doing business.
In a 2018 survey of 1,300 companies across the US, Canada, the UK, Mexico, Australia, Germany, Japan, and Singapore, two-thirds of companies said they have been targeted with a cyber attack costing an average of $1.1 M (USD) per attack, with 34% of companies reporting that their operations had been disrupted.25 Cloud computing continues to be growing and widely adopted by companies in the consumer sectors. See Figure 5. This shared pool of resources hosted on the cloud gives companies rapid and efficient access to services; however, it also exposes companies to widespread outages and breaches. The public cloud market continues to be dominated by Amazon Web Services (AWS), closely followed by Microsoft, Google, and IBM. They operate highly secure environments, thus malicious attacks are rare; however, when outages do happen, it is usually due to operational errors or poor configuration by its users.
Highly capitalised corporations are especially vulnerable to state-sponsored cyber activities as these actors see economic opportunity and potential to gain advanced knowledge. Nation-state cyber actors can also cause systemic cyber events leading to business interruption, corruption of supply chains, theft of intellectual property, reputational damage, regulatory fines, and mitigation costs.26
Figure 5: Annual Growth Rates of the Big Four Cloud Service Providers.
Source: Cambridge Centre for Risk Studies; Data from Rightscale, 2018
24 (Cambridge Centre for Risk Studies 2019b) 25 (Cambridge Centre for Risk Studies 2019b) 26 (Cambridge Centre for Risk Studies 2019b)
