Global cyber losses expected to reach $6 trillion by 2021 - report

But some companies still don’t completely grasp the impact a cyber incident can have, says Aon executive

Global cyber losses expected to reach $6 trillion by 2021 - report

Cyber

By Ryan Smith

Annual global cyber losses are expected to hit US$6 trillion by 2021, with cybersecurity spending projected to exceed a total of US$1 trillion for the five years leading up to 2021, according to a new report from Aon quoting statistics from Cybersecurity Ventures.

While the immediate costs of a cyberattack can be significant, Aon’s report suggested that damage to a business’s reputation could cost just as much or even more in the long term.

“The reputational crisis resulting from an attack can erode a company’s market value, destroy brand loyalty, limit companies’ digital transformation efforts and even lead to a credit-rating downgrade,” Aon said. “An effective cyber resilience strategy can help mitigate both immediate and long-term financial losses.”

“Some companies still don’t fully understand the impact a cyberattack can have on a business,” said Onno Janssen, Aon CEO of Risk Consulting & Cyber Solutions EMEA. “Understanding the worst-case scenarios and their impact to a business is crucial to developing an effective resilience strategy in which cyber is managed as an enterprise-wide risk across the entire organisation. The cyber threat is amorphous, and the technology it exploits is advancing at a dizzying pace, so the risk landscape is never going to stand still.”

Janssen said business leaders needed to prioritise defending against cyber risk.

“The C-suite will have to aim to constantly improve its holistic cyber risk management strategies to prevent, prepare for and be able to respond to a cyber crisis,” Janssen said. “Ultimate responsibility for all risk management efforts resides in the boardroom.”

Aon’s report outlined four steps for building an effective cyber resilience strategy:

  • “Take it to the top”: While cyber risk management should be an enterprise-wide concern, final accountability for understanding the costs and consequences of a cyberattack rests with the board.
  • “Unite your business”: Cyber risk is a threat to the whole business, calling for a multi-level response that involves every relevant stakeholder.
  • “Get ahead of the game”: Businesses shouldn’t wait for a cyberattack to happen before acting. Incident-response training is critical to preparing a business to respond effectively to an attack.
  • “Protect your balance sheet”: Cyber insurance can protect an organisation’s balance sheet by providing a financial payout after a cyberattack, as well as providing pre-loss and post-loss services.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!