Geopolitical Risk - Cyber

How can geopolitical events affect your cyber security?

The effects of geopolitical events on cyber risk, and vice versa, are seen regularly and with increasing frequency. Cyberspace and advancements in technology have seen the rapid growth and digitisation of the economy, and with that, the boundaries between businesses and governments have blurred.

Businesses that traditionally sought to specialise can now span many industries in order to create “fuller” solutions, and have further integrated themselves within both the civic and public sectors through collaborations and partnerships¹. The blurring of these boundaries, therefore, has meant that all operational entities, whether directly or indirectly, are to some degree likely to have exposure to cyber risk and cyber threats.

Geopolitics and cyber risk

From state-sponsored cyber warfare to the Industrial Internet of Things (a network of everyday, physical devices that can connect to the internet²), geopolitically driven cyber-risk is ever present.

• Have you asked yourself what is the connectivity within your organisation and to your partners?
• Are you confident that your plans/strategy to mitigate against cyber risks are robust?

Business leaders and government officials alike realise that cyber security is a key strategic issue – one that can threaten a nations and an organisation’s reputation. With the average data breach costing $3.86 million, leaders are now beginning to acknowledge the growing importance of the issue³, but few understand how to proceed.

During 2020, Gartner wrote that worldwide cyber security spending would be expected to reach $123.8 billion by the end of the year, a 2.4% growth in comparison to 2019⁴. As organisations are becoming more threat aware, and leaders are acknowledging the significance of cyber risk on their organisations, consensus regarding effective strategy development and business directions remains difficult to achieve.

• The geopolitical environment is increasingly volatile, both affecting cyber security as well as being affected by it
• ‘People risk’ is a significant aspect of cyber security. Both as a direct risk (whether malicious or negligent), as well as indirectly - the global skill shortage makes recruitment a significant challenge
• Businesses will always be an easier target for threat actors, whether they be other nation states, hacktivists or criminals
• Building more resilient organisations that take a holistic and integrated approach to cyber risk management is essential to raising the level of security and mitigating the frequency or impact of incidents

Cyber risk is not siloed in its management. We recognise its effect and reliance on many other drivers of risk.  Our integrated approach to cyber risk extends to how we approach geopolitical risk, creating bespoke solutions and services to each of our clients according to their unique circumstances and exposures.

References

¹ Kelly, E., Blurring boundaries, unchartered frontiers: Part of the Business Trend Series, Deloitte University Press, Toronto, 2015. https://www2.deloitte.com/content/dam/Deloitte/za/Documents/strategy/za_Blurring_boundaries_uncharte_frontiers.pdf [Accessed May 2021]

² https://www.zdnet.com/article/what-is-the-internet-of-things-everything-you-need-to-know-about-the-iot-right-now/

³ https://www.ibm.com/uk-en/security/data-breach

⁴ https://www.gartner.com/en/newsroom/press-releases/2020-06-17-gartner-forecasts-worldwide-security-and-risk-managem