(216) 609-3940
SandRun Risk
  • Home
  • What We Do
    • Risk Management
    • Insurance Claims
    • Insurance Archaeology
  • Blog
  • About
    • Team
    • Our Company
    • Articles
  • Contact

Studying Resilience:  The Outcome of Good Risk Management (Part III)

4/18/2018

0 Comments

 
Picture
The 2017 cybersecurity survey released by Zurich Insurance Group Ltd., shows that only 62 percent of risk professionals said that their board of directors recognized cyber risk as a significant threat to the organization, down from 83 percent a year ago.  The report comes just as Dr. Zhenhua Chen from The Ohio State University and Adam Rose from the University of Southern California released a preliminary report of their research examining the major economic consequences of a cyber-attack in terms of GDP and employment.
Guest Column by Phil Renaud, Executive Director,  The Risk Institute at The Ohio State University, May 2018Guest Column by Phil Renaud, Executive Director, The Risk Institute at The Ohio State University.
Dr. Chen is a research fellow of the Risk Institute and assistant professor of city and regional planning at Ohio State.  Chen believes that cyber-attacks continue to pose an extreme threat to the U.S. and that major security breaches in private industry and government are on the rise.   Although these attacks haven’t yet caused major cross-sectorial damage, the potential is there because cyber-attacks can shut down industrial facilities, critical utilities and infrastructure systems, interfere with military operations, and compromise national security.  Chen argues that this isn’t just supposition, we’ve already seen it happen.  In Ukraine, for example, hackers successfully blacked out a portion of the nation’s capital for about an hour. As reported by Wired, cybersecurity researchers discovered “disturbing evidence” that the Kiev attack was almost certainly a dry-run for a much larger attack using “most evolved specimen of grid-sabotaging malware ever observed” outside of a controlled setting.

Chen’s research focuses on answering three questions: (i) what are the economic consequences of cyber-attack measured in terms of GDP and employment; (ii) how do the consequences vary when the attacks are targeted among different critical infrastructure sectors, such as manufacturing and cyber sectors; and (iii) what is the potential of various cyber-resilience tactics to reduce losses?  Chen’s overall research objective is to improve risk management for cyber-threats among both private and public sectors through better understanding of the economic consequence of cyber-attacks and the benefits of various cyber resilience tactics in reducing these consequences.

Through an extensive literature review, Chen and his team identified that although a plethora of studies have attempted to identify the economic impact of cyber-attacks, there is a lack of a systematic approach to evaluate economic impacts of cyber-attacks in terms of GDP and employment changes. They also realized that while several studies have addressed pre-disaster approaches to risk reduction (e.g.: mitigation), very few studies have addressed post-disaster approaches to recovering cyber capabilities (i.e., resilience).

​Chen has developed two attack scenarios to assess the direct costs and identify post-attack resiliency options. The first is a hypothetical cyber-attack scenario that assumes the supervisory control and data acquisition (SCADA) system of the auto-manufacturing sector in Michigan is disrupted by a cyber-attack for ten days. The second scenario pertains to a disruption of cyber sectors used by a broad range of industries in the event of a natural disaster such as an earthquake.  This kind of research will be critical making the field of cybersecurity more resilient in the future.

Phil Renaud
Email:  renaud19@osu.edu

Picture
0 Comments



Leave a Reply.

    Authors

    Lori Siwik and Mark Siwik are the founders of SandRun Risk.  They apply the principles of vertical leadership and lean six sigma to the discipline of risk management.  From time to time they share their blog with guest authors who write about important risk management principles.

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    Archives

    May 2022
    December 2021
    September 2021
    August 2021
    July 2021
    June 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    June 2017
    May 2017
    March 2017
    December 2016
    November 2016
    October 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    June 2015
    May 2015
    April 2015
    March 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    May 2014
    April 2014
    March 2014

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    RSS Feed

What We Do.

Risk Management
Insurance Claims
Insurance Archaeology

Blog.

About.

Team
Our Company
Articles

Contact.

Legal.

Privacy
Terms of Use
 
Copyright ©2014 | 4199 Kinross Lakes Parkway, Ste. 275 Richfield, Ohio 44286 | 216-609-3940 | info@sandrunrisk.com