top of page
  • Writer's pictureAlex Keeley

Cyber Risk: Part I

What is “Cyber Risk” and how could it affect your business?

What is “Cyber Risk”? In today’s business world, it is almost impossible to operate a business and not have an Internet presence. Indeed, many businesses operate almost exclusively through the web via email, websites, cloud storage, etc. While this ever-increasing trend has expanded capabilities and simplified transactions, it has also led to many new pitfalls that businesses have been slow to catch up with. “Cyber Risk” is defined by the CRO (Chief Risk Officer) Forum as, “the risks of doing business, including managing and controlling data, in a digital or ‘cyber’ environment.”1 Essentially, the idea is that the more interconnected we become, the easier it is to exploit and attack weaknesses in the connections. Attacks and exploitation of weaknesses creates unforeseen impacts and costs for businesses.

Who, Me? If your company has any Internet presence, these breaches are a potential risk to your company. Questions to ask to assess whether you have an Internet presence:

1. Do you have a web site?

2. Do you collect data from customers/potential customers (including payment information)?

3. Do you store customer or company data electronically?

4. Do you store customer or company data in the cloud?

5. Does your company have trade secrets or other intellectual property stored electronically?

If you answered yes to any of these questions, you need to assess your company’s Cyber Risk because the question is not “if” your company will have a data security breach, its “when” will that breach occur, and “how” bad will it be.

Impacts and Costs: What kinds of impacts and costs are associated with breaches in data security? As of 2013, the average cost of a data security breach was $194 per compromised record.2 That sounds like a small amount, until you realize that in any given breach, the number of records compromised could range in the hundreds, or, in severe breaches, in the thousands, depending on the size of your company. Needless to say, that number adds up quickly! Beyond the monetary impact of data security breaches, there can be impacts and costs to a company’s goodwill. Any breach involving a loss or misappropriation of customer data hurts that company’s brand and image. Such damages can be hard to calculate and can take years to repair.

Causes of Breaches: How do these types of breaches occur? Most people think that data security breaches are caused by malicious attacks by hackers, but in fact the number one cause of data security breaches is employee or contractor negligence. Almost half of all data security breaches are caused by human error. 3 That is not to say that malicious attacks don’t happen (indeed, almost 40% of breaches are malicious, either attacks from outside parties, or insider intentional breaches). However, given that most companies aren’t big enough to rise to the attention of hackers, it is important to note more than a third of malicious breaches are conducted by internal sources, ie. disgruntled employees. 4 Thus, no matter the size of your company, if you have an Internet presence, or collect data in any form, data security breaches need to be a concern of yours.

Next Steps: In Part II of this blog, we will look at how to assess your level of Cyber Risk, and then in Part III, we will address how to handle your Cyber Risk responsibly, to mitigate the damage it can cause, and to limit your exposure to breaches.


  1. See

  2. See

  3. See

  4. See

This Blog, and the information contained herein, are intended for informational use only. Nothing in this Blog should be construed as legal advice.

3 views0 comments

Recent Posts

See All


Post: Blog2_Post
bottom of page