Keeping Up With Technology Risk

Defending SCADA systems against the growing cyber threat

By John Farley, Vice President, Cyber Risk, HUB International

As consumers, we are technology junkies searching for the next great fix, and companies around the world are racing to deliver the coolest new distraction. Sounds great, right? There’s just one problem: companies are working under relentless pressure and impossibly tight deadlines that are quite literally harmful to us, and lead to greater technology risk. Remember that awesome smartphone with the iris recognition system, the Secure Folder security feature, and the battery that had the unfortunate habit of exploding? What about the time Amazon lost hundreds of millions of dollars over a typo? With this never ending demand for newer, cooler technology, many businesses today find themselves sacrificing security and operation in order to release as quickly as possible.

Just ask Amazon – or Samsung for that matter

Two very recent instances illustrate the impact of technology risk on businesses. Amazon saw losses in the hundred-millions when Amazon Web Services’ S3 storage service went down. 54% of the top 100 retailers online saw their sites’ performance slow by 20% or more, and companies in the S&P 500 index lost an estimated $150 million. The source of all of these losses was found to be a simple typo; when an S3 team member attempted to execute a command to remove a small number of servers, he or she incorrectly entered an input that led to the aforementioned outage and loss.

And who will ever forget the Samsung Galaxy Note 7, with its exploding battery. The source for the spontaneous combustion was pinpointed to the battery; the phone uses lithium ion battery packs, which happen to be filled with highly flammable liquid that could easily be heated up by a short-circuiting punctured battery. However, what made Samsung’s phones so susceptible to this explosion was revealed in a report to Korea’s Agency for Technology and Standards: high pressure on the batteries. Cell phone batteries are created by tightly packing together stacks of battery components, and Samsung, feeling the need to include as much battery capacity as possible, packed them too tightly, which led to increased punctures.

You can’t miss the irony in the Samsung case: the company, under immense pressure to create a new piece of technology with great capabilities, wound up putting too much pressure on the device and suffered the consequences.

Tell your clients this:
Approximately 25% of organizations have a fully functional enterprise risk program, and may not fully realize the devastation that a technical failure could create. There are four things that all businesses should be doing: ensuring that they are properly educated about their potential technology risks, being capable of rating and financially evaluating all potential outcomes, having a partner that can help with financial evaluation if necessary, and knowing how to find the right insurance partner in this area and incorporating it into their overall risk plan.

Technology can mean great things for your business, but it also has the potential to do the opposite. You need a risk management strategy and you need to incorporate the right insurance into your crisis management plans.

Before it is too late.

About The Author:
John Farley, Vice President and Cyber Risk Practice Leader at HUB International, has 25 years of experience in insurance and risk management. John leads HUB’s Cyber Risk division of consultants and brokers focused on assisting clients with achieving their risk improvement goals, providing advisory services and serving as a network security and privacy liability consultant. He helps clients with pre and post data breach services, applying his extensive knowledge in data breach response.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>