COVID’s impact on cyber and operational risks vs. corporate resilience
by Fatema AlSaad “COVID-19 is a black swan”: a statement we have been hearing ever since COVID-19’s impact materialized after the first quarter of 2020. The impact of this pandemic on our lives, businesses and the way work is being conducted has been far beyond the world’s expectations. Unlike the 2008 Financial crisis, COVID-19 impacted all sectors and business models and increased most financial and non-financial risks. This article will focus on the impact on cyber risk and will discuss how proper corporate resilience can aid in meeting the challenges posed by the pandemic.
COVID-19 and cyber risk In an interview with the New Yorker conducted in April 2020, Nassim Nicholas Taleb, Distinguished Professor of Risk Engineering NYU Tandon School, published “The Black Swan”, proposed antifragility in systems, that is, an ability to benefit and grow from a certain class of random events, errors, and volatility. Professor Nassim said, “The great danger has always been too much connectivity”1. Today, almost a year since his interview and more than a year into the pandemic, we have seen that the vulnerability of the world to a global crisis has actually increased due to the increasing global connectivity. COVID-19 that first erupted in Wuhan, China ultimately resulted in cybersecurity breaches worldwide. As employees started working remotely, they started using technologies they are not used to. That has become the new normal. Cyber-attackers saw this as an opportunity to exploit the employees working from home and their interest in coronavirus related news. In fact, in Switzerland, one in seven survey respondents said that they had experienced a cyber-attack during the pandemic. According to swissinfo.ch, there were 350 reported cyber-attack cases in Switzerland in April 2020 as against the norm of 100-150 cases. Furthermore, in July 2020, the City of London Police reported that since January 2020, losses due to COVID-19 scams reached GBP 11 million. Hackers were also able to gain access to the different video conferencing services to steal the personal data of the users and obtain confidential information. This information is then being sold or made available to the public in order to damage the company’s reputation2.
1 / Bernard Avishai, 2020. “The Pandemic Isn’t a black swan but a portent of a more fragile global system”. The New Yorker (Daily Comment). 2 / Nabi, C., (N/A). “The Impact of COVID-19 on Cybersecurity”. Available on https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html.
020
Intelligent Risk - April 2021
