Spring 2014 issue of Horizons

T-Mobile, Electronic Arts (EA), British Broadcasting Channel (BBC), Federal Election Commission, Target

These companies are all not only well known but also share another common attribute. All five entities had recent cyber attacks.

> Cyber security refers to analysis, warning, information sharing,

And they’re not alone.

Cyber attacks have become an everyday reality in our modern economy, with the average loss per incident exceeding $5,000,000, according to the Poneman Institute. Cyber security is an issue vital to all entities. In today’s environment, the question of becoming a victim to a cyber security attack is no longer “if” but “when.” While the threat of a cyber security attack has become almost inevitable, the risks associated with it can be managed through an effective cyber resilience plan. Throughout this entire issue of RubinBrown’s Horizons , you will read the many ways cyber attacks are impacting various industries as well as what organizations are doing to mitigate their exposure. This article focuses on providing an overview of cyber security in today’s environment and the five key steps to building a cyber resilience plan. Overview of Cyber Attacks and Cyber Resilience Today, cyber attacks pose the element of surprise, and nearly each new attack is more innovative and sophisticated. Attacks are impacting more than just an entity’s technology; they affect financial, reputational and stakeholder value. The strain of a cyber attack can impact all stages of an entity’s supply chain, from vendor to customer. Attacks are becoming more difficult to develop mitigation strategies for as the interconnectivity of entities continues to increase and attack techniques evolve. Additionally, the current spending for cyber security is predominately limited to investment in firewalls and virus protection software. Companies are finding that in addition to these investments, it’s just as important to have cyber resilience plans. Entities need to link the investment in cyber security to the potential consequences they face.

vulnerability reduction, risk mitigation and recovery

efforts for networked information systems.

~ World Economic Forum

> Cyber resilience is defined as the ability of systems and organizations to withstand cyber events.

~ World Economic Forum

Businesses today should incorporate consideration for preservation of reputation, impact on customers and consequences from attacks.

www.RubinBrown.com | page 9