Cyber risk: Growing complexity demands a paradigm shift in thinking

In his 18th century book “Götz von Berlichingen”, Goethe said where the light is brightest, the shadow is deepest. This saying holds true for today’s hyperconnected, data-driven world. According to a global risk map in the annual Allianz Risk Barometer, cyber risk ranks as the top threat for Germany and the United Kingdom. Across the U.S. and Europe as a whole, cyber risk ranks second, topped only by business interruption. These vulnerabilities and disruptions to the business are not just caused by fires, explosions or natural disasters. New factors such as cyberattacks and geopolitical risk are coming to the forefront. The digital connections among companies, supply chains and machines are strengthening the effects of business interruptions because they can create a domino effect, spreading rapidly across regions or industries and leaving wide-scale damage. And these scenarios represent only a tiny portion of the actual risks around the globe.

According to a current study on cybersecurity at the global risk management consultancy, Control Risks, many top managers are stressed by risks in cyberspace. In their global survey of managers and IT decision-makers, almost half of all participants confided that cyber risk is not taken seriously enough by the executive team.

Around 31 percent of participants also stated that they were very or extremely concerned that their company could become a victim of a cyberattack in the coming years. A third (34 percent) of responding companies, however, had no crisis management plan in case of a cyberattack. Following this year’s May 12th WannaCry randsomeware attack, which had affected 150 countries in less than 12 hours, this lack of preparation is shocking and alarming.

Technical solutions, firewalls and traditional antivirus software no longer suffice to provide companies complete protection. As Peter Rost from Rohde & Schwarz Cybersecurity pointed out in a guest commentary for the German industry portal RiskNet, consumers are no longer content with just an airbag when it comes to automobile safety. As the cyber risk expert noted, we buy cars with Electronic Stability Control (ESP) to actively prevent accidents instead of merely making them less critical when they have already happened. New concepts in cybersecurity are based on prevention with a “security by design” concept. Rost explains that since the security is integrated in the operating system during development, this drastically reduces or eliminates vulnerable spots instead of merely analyzing and fighting constantly evolving forms of attack such as zero-day exploits.

The technological solutions will not suffice for a Generation Y, Generation Nintendo, Net Generation, Generation@ or Digital Natives, who trade in their baby monitors for smartphones before leaving the playpen. Users must also reconsider their own usage habits and maybe even abstain from smartphone consumption from time to time.

I personally tested that theory last year while spending several weeks in the Canadian wilderness. After that type of abstinence, I truly realized how sensory overload and constant information with text, images and videos leave us feeling overwhelmed and permanently stressed. Many people are having a harder time focusing on one thing, because their minds are constantly somewhere else. There is no reception in the wilderness. The nice side effect is that data collectors could not capture any transaction data or annoy me with their latest shopping recommendations. A grizzly bear could care less. For me, it was a great relief.

Think about it. The seemingly simple world of mobile connectivity and the commercial sensors is really just based on widespread ignorance. Behind that façade lurks a motley, multifaceted risk map. This affects us as individuals, companies as complex systems, our society as a whole, and even the entire world order. And this digital world is growing more and more complex. That makes a paradigm shift in thinking essential.