Cyber security named as the top risk for CEOs in 2024

A survey of Australian CEOs has spotlighted what they believe is their top business risk for the next three to five years: cyber security issues.

That’s according to the recent Keeping Us Up At Night report from KPMG. A separate Australian Financial Review survey echoes their concerns, adding that cyber security is not getting the attention it deserves. A global study has also found seven in 10 Australian small businesses see cyber attacks as their most significant risk.

So, what are the emerging cyber security risks and how can SMEs address them? 

Cyber security – the top risk!

The growing momentum of digital transformation in business, thanks to the pandemic, has created a ripple effect: the need for greater protections. While Australia may not be a leader in this space, other countries and regions are tightening regulatory measures. So, if your company does business with people based in areas such as Europe, you’ll have greater responsibilities.

You may want to invest in cyber security skills in-house or outsource them, but that’s where CEOs’ second top risk comes in: finding the right talent in a tight labour market. KPMG says Australia needs about 6.5M digital workers within the next three years.

Digital technology is the theme linking CEOs’ top five risks for 2024, including regulation, digital transformation, and cost controls. Most businesses, though, view technology as a ‘black box’ and their staff’s digital literacy has limitations. The KPMG survey found that CEOs tend to feel out of their depth to deal with:

  • Cyber attacks
  • IT system failure
  • Software upgrade malfunction
  • Detecting spyware.

And those risks are within their business. What about the business ecosystem in which SMEs operate?

Supply chain attacks

Your business may have the right staff, ongoing training, robust systems, and processes to shield against the worst of cyber breaches. But what about your supply chains? And those of your suppliers?

According to the World Economic Forum (WEF), more than half of organisations across the globe say they don’t understand cyber vulnerabilities in their supply chain and third-party risks. They lack visibility into their supply chains. This is concerning because a 2023 report found that 98% of organisations have a link with one or more third parties that have experienced a breach since 2021.

How can your SME ‘vaccinate’ itself against those kinds of close encounters? 

The WEF report talks about establishing common ground with those in your supply chain, regulators, government agencies, and industry peers. You can do this by implementing these overarching goals:

  • Enhance the quality and quantity of industry collaborations; ask your supply-chain partners for proof of their cyber security updates every 12 months
  • Gain clarity about regulations
  • Invest in cyber insurance to protect your business.

Such partnerships build cyber resilience for your business and help bridge the widening gap between big business and SMEs in this area, says the WEF.

The rise of doppelgängers

An emerging cyber risk for SMEs is the advent of doppelgängers: criminals who steal identities to access vulnerable accounts in businesses or organisations. These ‘bad actors’ use legitimate users’ digital identities, leaving the latter unaware.

Here’s the havoc doppelgängers could wreak on your business:

  • Ransomware attacks
  • Significant business interruption
  • Financial losses
  • Long-term reputational damage
  • Potential regulatory penalties.

Keep a close eye on who’s authorised to access the IT accounts in your business. Ensure they practice top-notch digital hygiene and preventative methods to boost your IT system’s health and security. Basics include two-factor authentication, frequent password changes, and regularly reminding staff, managers, and board members not to click on malicious links.

Similarly, lookalikes should also be on your radar. For example, criminals may use letters that look like those in the bona fide email domain name of one of your suppliers. Cyber security firm Kaspersky offers this one: You receive an email sent from the address JOHN@MlCROSOFT.COM. That looks kosher, or does it? The address is actually john@mLcrosoft.com, with a lowercase L standing in for the letter i.

Another tactic is to register a website domain using characters from languages that don’t use the Latin alphabet. This means you won’t be able to distinguish whether they’re using a Greek “ο”, Russian “о”, or Latin “o” in, say, a supposed ‘Microsoft’ website. So, it’s not just misspelt domain names you should be alert to.
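For IT staff, here is one way to screen sender addresses for both kinds of lookalike described above. It is an added example, not code from Kaspersky or this article's author; the confusables table, the allow-list and the sample addresses are constructed assumptions.

```python
import unicodedata

# Constructed, deliberately small confusables table (assumption); production
# checks would load the full Unicode confusables data.
CONFUSABLES = {
    "\u03bf": "o",  # Greek small omicron
    "\u043e": "o",  # Cyrillic small o
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u0456": "i",  # Cyrillic small Byelorussian-Ukrainian i
    "l": "i",       # lowercase L reads as capital I in many fonts
    "1": "i",
    "0": "o",
}

def skeleton(domain):
    """Fold a domain to a comparison form where lookalike characters collide."""
    folded = unicodedata.normalize("NFKC", domain).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def scripts(domain):
    """Return the set of scripts (LATIN, GREEK, CYRILLIC, ...) used by letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in domain if ch.isalpha()}

def check_sender(address, trusted):
    """Classify a sender address against a set of trusted supplier domains."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good):
            kind = ("non-latin lookalike" if scripts(domain) - {"LATIN"}
                    else "lookalike")
            return (kind, good)
    return ("unknown", None)

if __name__ == "__main__":
    TRUSTED = {"microsoft.com"}  # hypothetical allow-list of supplier domains
    samples = [  # constructed sample addresses
        "john@microsoft.com",
        "JOHN@MlCROSOFT.COM",          # lowercase L in place of i
        "billing@micr\u043esoft.com",  # Cyrillic o
        "sales@example.org",
    ]
    for s in samples:
        print(s, "->", check_sender(s, TRUSTED))
```

The check compares whole domains only; subdomains and display names would need separate handling.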

New challenges of AI and cyber

Generative artificial intelligence (GenAI) keeps gathering steam. IBM’s Security Intelligence update lists these issues on the horizon:

  • GenAI makes ‘customer acquisition’ easier for cyber criminals – they’ll crunch through big data swiftly to create profiles for would-be targets
  • AI will be used to scale a malicious campaign – much like the supposed inaugural cyber attack circa 1988, called the Morris Worm
  • Embedding AI into your IT infrastructure creates new risks, so focus on your critical data
  • Cyber security analysts will be elevated within their organisation in line with their greater responsibilities
  • Criminals will ‘harvest now and decrypt later’ when quantum computing becomes more available.

There are no silver bullets for this year’s suite of new cyber security risks. Ensure risk management is part of your everyday processes. We’re here to help you customise insurance coverage for these new cyber risks.

 

Any financial product advice in this content is provided by cgib AFSL No. 231183. This material is general in nature and has been prepared without taking into account your objectives, financial situation or needs. Accordingly, before acting on it, you should consider its appropriateness to your circumstances. cgib respects your online time and privacy.

