Cyber risk and incidents remain a regular feature in news headlines around the world. The threat is so wide ranging that tackling the subject and deciding how to mitigate the risk can be a real challenge. Surveyors and valuers should be aware of the risks and potential threats to their businesses.
In some ways the term "cyber" has been helpful in raising awareness of technology-linked risks but at the same time this amorphous term can be confusing when it comes to identifying what the related risks are. If national governments and global financial institutions have yet to agree the scope of cyber risk (there is no comprehensive framework for the risk assessment of cyber catastrophes) then there should be a healthy dose of sympathy for a typical surveyor or valuer trying to do the same.
One simple view of “cyber risk” is to break it down into two concepts: operational and informational risk.
Operational cyber risk arises out of companies’ unprecedented reliance on electronic systems and the devastating effect on business that can occur when those systems are interrupted or interfered with. In January, Lincolnshire County Council lost access to its systems for over a week following a fairly unsophisticated cyber attack.
Informational cyber risk arises out of the legal and commercial risks attaching to data and information. Surveyors and valuers are no different to any other company in holding ever increasing volumes of electronic data. Recent high profile data breaches in the UK have highlighted how unacceptable it is for companies not to have a clear understanding of what data they hold, what they are doing with it, and how it is secured.
When considering the operational and information aspects of cyber risk, it quickly becomes clear that cyber is a risk that can only be mitigated and not eliminated. Therefore, property consultancy businesses should also prepare and rehearse for cyber and data breach incidents, and even consider purchasing cyber insurance coverage.