‘Cybersecurity going to be a big problem in 2018 … lot of the commercial breaches are done through human weakness’

Control Risks is a specialist risk consultancy with operations across the globe. The firm’s CEO Richard Fenning spoke to Sanjiv Shankaran during a recent visit to India about looming challenges:

Is cybersecurity, which you identified a year ago as a high risk factor, still as important?

Cybersecurity is going to be a big problem in 2018. We are in that stage where ability of states or criminals to outpace companies’ ability to defend themselves continues. We will continue to see these attacks in 2018. I guess there is an outside possibility that we may see some devastating attacks. The questions a lot of our clients ask is not can we absolutely protect ourselves, it’s are we protecting ourselves adequately compared to our competitors?

If you look at what happened with Uber (allegations that they had covered up a breach) that’s the kind of situation you don’t want to be in.
A lot of companies have got to be realistic about what the likely threat is. It is not North Koreans. It is likely to be somebody trying to steal money from them. There is a sense as well that a lot of companies place too much faith in technology and think ultimately the solution is going to be a technical one. A lot of the commercial breaches are done through social engineering, being able to find a human weakness in the system rather than a technical weakness.
Reputational risk on account of sexual harassment allegations has emerged as a new factor. What’s your view?
Absolutely. It’s like wildfire, once it’s out it will proliferate. To a certain extent you can’t (protect yourself) if you have somebody on your board of directors who has behaved in this fashion in the past. You have probably got a ticking time bomb in your organisation. It is how you then deal with it institutionally that matters. We will see companies get better at doing that, acting in a way that allows the organisation to move the entire ignominy on to the individual. It’s more difficult for organisations that get accused of having institutionalised bad behaviour. We are in one of those situations where behaviour that was tolerated 15 years ago is absolutely not tolerated. There is a velocity issue here. The speed with which behavioural norms change is much quicker. That’s probably social media being an accelerator in all that.
How do you read the situation in China after the Communist Party Congress?
For China it is a fine balancing act because it can’t afford a trade war with the United States. Everything Xi Jinping wants to do is made immensely more complicated if there is destabilisation in its US relationship. People forget that because he looks so omnipotent. He can only do what he wants to do if GDP grows 6.5%. It is still a balancing act he has to perform on the economy. We will see China being assertive, which they see as China playing its natural role.
At the Congress it was announced Xi’s philosophy would be embedded in the constitution in the same way as Mao Zedong and Deng Xiaoping. But the China that Xi has to run is a completely different place. It has a huge private sector, it has integrated itself into the global economy and, therefore, his room for manouevre is significantly more limited than it appears from the outside. China as it has grown richer has become harder to govern. He is trying to pull back power to the centre. He will be much firmer in some ways, but they think they have got the model right. The Belt and Road is his signature initiative. It is important that it succeeds because it is the thing he has hooked his name to.
Has terror receded as a risk factor for businesses?
Interestingly, I think there have been fewer terrorist attacks this year than there have been last year. I think the reality is that if we are talking about Islamic terrorism – there’s nothing particularly Islamic about it, it emanates from Islamic State inspired terrorism – that is going to continue. It is almost impossible to make that go away because it is so low tech, running out on the streets and stabbing people. And the spread of the ideology using internet is very pervasive. It appeals to people who have dropped out of normal bounds of society. At the same time, by militarily defeating IS in Iraq, it will only mutate and go somewhere else. I am afraid this is a multi-generational problem. Because it’s high profile we tend to significantly overestimate its material impact. For people who are directly affected, it is devastating. It isn’t the sort of existential threat to our way of life that one might sometimes believe.

Comments