The risk of cyberattacks is real and growing. While many of us theorize and speak in hypotheticals about the possibility of a major and potentially devastating cyberattack (or twenty), those considered most “in the know” are taking these risks seriously. And for good reason.
A January 29, 2010 study commissioned by McAfee, Inc and authored by the Center for Strategic and International Studies (CSIS) reports that over one-third (37%) of the IT security executives surveyed believe that critical infrastructure such as electrical grids, oil and gas production, water supply, telecommunications and transportation networks has become increasingly vulnerable to a cyberattack. Moreover, 40% of the 600 executives from 14 countries who responded predict a major security incident in their sector within the next year. Only 20% believe their sector is secure and will successfully avoid a serious cyberattack over the next five years.
The respondents work in critical infrastructure enterprises across seven sectors in 14 countries (including the US, UK, Japan, China, Germany, France, Italy, Russia, Spain, Brazil, Mexico, Australia and Saudi Arabia). Most problematic, over half of the respondents admitted that their concerns are not without foundation. Indeed, 54% acknowledged that their companies already have experienced infiltrations or large-scale cyberattacks from terrorists, organized crime gangs, and/or nation-states. The average cost of resultant downtime is estimated to be $6.3 million per day. Not chump-change by any means.
The recent cyberattack on Google is just one example. According to CSIS’s report, however, there have been scores more. With additional attacks to come. Of most concern, perhaps, over half of those surveyed believe that the U.S., China and Russia as the three most vulnerable countries.
The report, entitled “In the Crossfire: Critical Infrastructure in the Age of Cyberwar,” goes on to state that more than one-third of the executives who responded feel their respective sectors are unprepared for a major attack and that two-thirds believe the ongoing recession has caused companies to reduce resources devoted to cyber protection.
This situation harkens back to the adage “one man’s suffering is another man’s gain.” The opportunities for cyber/tech underwriters are there. Go get ‘em, ladies and gentlemen.