$2bn worth of records breached in 2016, warns Aon cyber risk leader

25 Oct 2016

Adam Peckman, global cyber risk leader at Aon. Image: Luke Maxwell

With the rise of political and financially motivated cyberattacks, as well as the emergence of a threat to IoT devices, 2016 will break all records for data breaches, according to Aon’s Adam Peckman.

Peckman said 2016 will leave the previous record year 2015 in the shade.

“2016 is not showing any signs of going away from that trend,” he told Siliconrepublic.com.

“There has already been $2bn in records breached. We are seeing a lot of both politically and financial motivated attacks.

‘It is fundamental to change the dynamic away from one where the attacker has been at an advantage to one where the business can wrestle back maximum control’
– ADAM PECKMAN

“But also, with IoT being rolled out in more consumer goods, we are seeing the nature of cyber evolve this year; both being a product risk to consumers, as well as being one of data breach.”

Peckman said that the increasing use of data analytics is helping businesses to regain the initiative against the hackers.

“Data analytics and the way we think about it has a critical success factor in changing the dynamics from the attacker to the business. Business is using big data and data analytics to more effectively understand what the threat profile looks like, how preventative measures can be better deployed within the business, [and how to] use insurance better.

“For us, it is fundamental to change the dynamic away from one where the attacker has been at an advantage to one where the business can wrestle back maximum control.”

Engineering cyber resilience into organisations is key

Peckman is the global practice leader of the cyber risk consulting practice. He is primarily engaged in managing Aon resources to deliver cyber risk management solutions to support the risk and insurance strategy of multinational clients.

The focus of these cyber projects involves conducting enterprise-wide cyber risk assessments and applying advanced quantitative analysis to model clients’ financial exposure to cyber risks.

These projects are aimed at optimising investment decisions in cyber resilience and designing more fit-for-purpose risk financing and transfer arrangements.

“Cyber resilience and the way that we think about it is changing. The mindset within the organisation is moving from ‘what if’ something happens to ‘when’ it happens, and it is about being less preventative [and] being more resilient and responsive when breaches occur.”

Peckman said that this is relevant in the information security side of the business, but it also strikes at the core of the financial resilience of the business. One example would be how to deploy insurance in the most optimal way to make sure the business bounces back in the aftermath of a breach or attack.

“The way we look at cyber resilience is we see it as being cross-departmental. It is about thinking about cyber as a business risk and not just a technology risk, and making sure the business is just as focused on business continuity.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com