
Cybersecurity Committee: Risks Involved With a Cyber Incident
March 4, 2021
For a more visual presentation, download the Cybersecurity Committee’s Step One infographic here. Otherwise, read the risks involved with a cyber incident below.
Operational Risk
- Operations and technologies shut down and cannot be used, so employees cannot produce
- Comfort, automation, and health safety systems controlled by the network become inoperable, so employees cannot work in the environment
- Internal and external email and telephone systems are often shut down, so intercompany communication and communications with customers and vendors are often shut down or heavily impacted
- Ecommerce and banking systems are shut down or heavily impacted
- Public-facing websites are often taken down or unusable
- Physical security infrastructure operations and communications are often affected
For more information: Reference CIS Controls – Basic/Foundational Sections 1 – 16
Financial Risk
- Loss of productivity and revenues add up quickly when employees cannot work
- Bank and payment processing systems are often affected, severely limited, and made unusable, making it impossible to make payments or bring in money from sales
For more information: Reference CIS Controls – Organizational Sections 17, 19, 20
Legal Risk
- Failure to provide notification of the breach as required by city, county, state, and country entities, and within the required timeline, may result in tremendous fines
- Potential litigation with customers and vendors
- Potential criminal suit brought against the company and/or executives
- Potential civil lawsuits from those whose PII, PHI, and other personal data you have exposed
For more information: Reference CIS Controls – Organizational Sections 17, 19, 20
Reputational Risk
- Your name or brand can be irrevocably hurt by a cyberattack
- Those you serve may lose trust in your ability to adequately conduct business, particularly in the security field, where a high degree of “customer data protection” is expected
- High-profile dealings with law enforcement after a breach are often publicized through all types of news media
- Vendors may show a preference for your competitors or abstain from conducting business with your company
- Stakeholders may face personal scrutiny and adverse public opinion
- The method and timing of notifying the media and others about the breach may provoke severe backlash against the company and leadership
For more information: Reference CIS Controls – Organizational Sections 17, 19, 20
To learn more from the PSA Cybersecurity Committee, visit PSAEducation.com!