CEOs Name Their Top Risk for 2024: Why It Should Be Your Concern, too. - Bell Partners

CEOs Name Their Top Risk for 2024: Why It Should Be Your Concern, too.

A survey of Australian CEOs has spotlighted what they believe is their top business risk for the next three to five years: cyber security issues.

That’s according to the recent Keeping Us Up At Night report from KPMG. A separate Australian Financial Review survey echoes their concerns. It added cyber security was not getting the attention it deserves. A global study has also found seven in 10 Australian small businesses see cyber attacks as their most significant risk.

So, what are the emerging cyber security risks and how can SMEs address them?  

Cyber security – the top risk!

The growing momentum of digital transformation of business, thanks to the pandemic, has created a ripple effect of the need for greater protections. While Australia may not be a leader in this space, other countries and regions are tightening regulatory measures. So, if your company does business with people based in areas such as Europe, for example – you’ll have greater responsibilities.

You may want to invest in cyber security skills in-house or outsourcing, but that’s where CEOs’ second top risk comes in, finding the right talent in the tight labour market. KMPG says Australia needs about 6.5M digital workers within the next three years.

Digital technology is the theme linking CEOs’ top five risks for 2024, including regulation, digital transformation, and cost controls. Most businesses, though, view technology as a ‘black box’ and their staff’s digital literacy has limitations. The KPMG survey found that CEOs tend to feel out of their depth to deal with:

  • Cyber attacks
  • IT system failure
  • Software upgrade malfunction
  • Detecting spyware

And those risks are within their business, what about the business ecosystem in which SMEs operate? 

Supply chain attacks

Your business may have the right staff, ongoing training, robust systems, and processes to shield against the worst of cyber breaches. But what about your supply chains? And those of your suppliers?

According to the World Economic Forum (WEF), more than half of organisations across the globe say they don’t understand cyber vulnerabilities in their supply chain and third-party risks. They lack visibility into their supply chains. This is concerning because a 2023 report found that 98% of organisations have a link with one or more third parties that have experienced a breach since 2021.

How can your SME ‘vaccinate’ itself against those kinds of close encounters?

The WEF report talks about establishing common ground with those in your supply chain, regulators, government agencies, and industry peers. You can do this by implementing these overarching goals:

  • Enhance the quality and quantity of industry collaborations, ask your supply-chain partners for proof of their cyber security updates every 12 months
  • Gain clarity about regulations
  • Invest in cyber insurance to protect your business.

Such partnerships build cyber resilience for your business and help bridge the widening gap between big business and SMEs in this area says the WEF.

The rise of doppelgängers

An emerging cyber risk for SMEs is the advent of doppelgänger, criminals who steal identity to access vulnerable accounts in businesses or organisations. These ‘bad actors’ use legitimate users’ digital identities leaving the latter unawares.

Here’s the havoc doppelgangers could wreak on your business:

  • Ransomware attacks
  • Significant business interruption
  • Financial losses
  • Long-term reputational damage
  • Potential regulatory penalties.

Keep a close eye on who’s authorised to access the IT accounts in your business. Ensure they practice top-notch digital hygiene and preventative methods to boost your IT system’s health and security. Basics include two-factor authentication, frequent password changes, and regularly reminding staff, managers, and board members not to click on malicious links.

Similarly, lookalikes should also be on your radar. For example, criminals may use letters like the bona fide email domain name of one of your suppliers. Cyber security firm Kaspersky offers this one: You receive an email sent from the address JOHN@MlCROSOFT.COM. That looks kosher, or does it? Their address is john@mLcrosoft.com.

Another cyber hacker tactic is to register a website domain in languages that don’t use the Latin alphabet. This means ‘you won’t be able to distinguish if they’re using a Greek “ο”, Russian “о”, or Latin “o” in, say, a supposed ‘Microsoft’ website. So, it’s not just misspelt domain names you should be alert to.

New challenges of AI and cyber

Generative artificial intelligence (GenAI) keeps gathering steam. IBM’s Security Intelligence update lists these issues on the horizon:

  • GenAI makes ‘customer acquisition’ easier for cyber criminals – they’ll crunch through big data swiftly to create profiles for would-be targets
  • AI will be used to scale a malicious campaign – much like the supposed inaugural cyber attack circa 1988, called the Morris Worm
  • Embedding AI into your IT infrastructure creates new risks, so focus on your critical data
  • Cyber security analysts will be elevated within their organisation in line with their greater responsibilities
  • Criminals will ‘harvest now and decrypt later’ when quantum computing becomes more available.

There are no silver bullets for this year’s suite of new cyber security risks. Ensure risk management is part of your everyday processes. We’re here to help you customise insurance coverage for these new cyber risks.

123 Insurance Pty Ltd ABN 67 621 727 722 ATF for 123 Insurance Unit Trust ABN 46 332 885 229 trading as Bell Partners Insurance is an authorised representative 1259573 of Insurance House Pty Ltd ABN 33 006 500 072 AFSL 240954.
This advice has been prepared without taking into account your personal objectives, financial situation or needs. You should therefore consider the appropriateness of the advice, in light of your objectives, financial situation or needs before following the advice. Please obtain a copy of, and consider the Product Disclosure Statement applicable to the general insurance product before making any decision.

INSIGHT CATEGORIES
Featured Insights
Most Recent Insights
how-risky-is-it-for-professional-services
17Sep2024
ChatGPT: How Risky is it for Professional Services?
Artificial intelligence (AI) tools such as ChatGPT are revolutionising SMEs, offering incredible potential but also introducing new risks. As an SME...
Rising Insurance Costs: Solutions for Home Builders
13Sep2024
Rising Insurance Costs: Solutions for Home Builders
Home builders are doing it tough. According to Master Builders Australia, they’ve borne the biggest risk of the recent economic downturn...
03Sep2024
Electric Vehicles & Insurance: A Guide for Aussie SMEs
Electric vehicles (EVs) are revolutionising the automotive industry with their eco-friendly design and efficient performance. And governments across Australia are offering...

Start typing and press Enter to search

tax updates