Cybercrime is a rapidly growing threat to the global economy. But it is not well-defined, and it is often confused with cyber-warfare or cyber-terrorism. Risk professionals need to understand cybercrime and its links to risk management, as we can provide valuable assistance in countering this significant threat to business and society.
Some risk professionals think cybercrime is only relevant to technical people and that it should be tackled by IT departments. But cybercrime poses a significant risk to organisations because it affects their ability to achieve strategic and operational objectives. Unfortunately, many businesses don’t know what cybercrime looks like, how likely they are to be affected, what the extent of the impact might be, or how best to manage it.
Cybercrime can affect an organisation in many different ways, including:
- online theft or fraud
- identity theft
- theft of customer data
- theft of intellectual property
- industrial espionage
Exposure to cybercrime is related to the level of online activities undertaken by an organisation, including the scope of its online presence, the extent to which valuable assets and information are stored online, the strength of online security, and the degree of risk awareness in the organisational culture. To manage the risk of cybercrime, we must first identify the level of our online activities, and determine which assets and activities might be affected by cybercrime.