More than half of US top executives fear not only serious disruption of their own operations, but also the impact of cyber attacks on national infrastructure, a study has revealed.
Most of the C-level professionals surveyed by security firm RedSeal believe a co-ordinated assault launched by sophisticated cyber criminals could wreak ongoing havoc on business operations, cause considerable harm to a brand, and potentially affect related companies or even entire industries.
Many also said that in the networked economy, containing the problems caused by a sustained network attack will be very difficult. They fear that a major network disruption at a single company or network could disrupt infrastructure at a local, national and even global level.
“As this research makes clear, securing the network infrastructure to ensure ongoing business operations is not an abstract concern – it’s a vital issue because a successful attack will have devastating and even far-reaching consequences,” said RedSeal chairman and CEO Ray Rothrock.
“A co-ordinated, sophisticated and large-scale assault will not stay within the walls of the company being attacked. It could easily trigger a domino effect and cause widespread disruption, reaching companies in other sectors and even the national grid,” he said.
The survey of more than 350 C-level executives, including CISOs, showed 74% acknowledge that cyber attacks on networks of organisations can cause “serious damage or disruption”, and 21% admit to fears of “significant damage or disruption”.
Almost 80% said such attacks could inflict “serious impacts to business profitability and growth”, and bring about “serious brand damage”, while 45% were also concerned that such attacks could lead to a “big hit on employee productivity”. More than 43% predict business downtime, while more than 41% fear “internal/organisational disruption or chaos”.
Asked what other areas might be affected by the “resulting ripple effects of cyber attacks on one network”, 64% cited “further business-related security vulnerabilities”. More than half (56%) went further, citing “national vulnerabilities”, and 59% agreed with the possibility of a security domino effect.
More than half the respondents (52%) singled out “defence systems” as being potentially affected by a cyber criminal incident or data breach, while 45% cited “border security", and 59% said such attacks could affect “economic security”.
Major network attack would have national significance
According to respondents, the most important sectors of the economy could be affected, including finance, energy, government, critical infrastructure and healthcare.
Read more about the cost of cyber attacks
- Sony expects the investigation and remediation costs of the November 2014 cyber attack on its movie subsidiary will amount to $15m
- UK companies are lagging behind US companies in taking out insurance to cushion the financial impact of cyber attacks
- Banks obscure the amount of money lost to cyber fraudsters – preferring to write off cyber theft as operating losses
“What this survey rightly highlights is that in a hyper-networked economy, where most networks are inextricably linked to each other, a major network attack will be very difficult to isolate,” said founder of security analyst firm IT-Harvest, Richard Stiennon.
“This isn’t an IT or even a basic operational issue – it has national significance, and should be managed accordingly,” he said.
In February 2015, national intelligence director James Clapper said cyber attacks by politically and criminally motivated actors top the list of threats facing the US.
“Cyber threats to US national and economic security are increasing in frequency, scale, sophistication and severity of impact,” he said in an annual threat assessment delivered to Congress.
Clapper said US intelligence expects an ongoing series of low to moderate-level cyber attacks from a variety of sources over time that will have a cumulative cost on the US economy and national security.
Halting cyber crime could have a positive impact on the global economy, according to Intel Security Europe security researcher and CTO Raj Samani.
“Some estimates put the cost of cyber crime to the global economy at more than $445bn, but the true cost is far greater as many countries do not report on this,” he told a NEDForum summit in London in February 2015.