Cyber is proving itself to be the ultimate enterprise risk, encompassing not only information technology, but also risks involving vendors, people, legal questions, and reputation, all while moving with stealth and a velocity that is extremely difficult to cope with.
What often flies under the radar is the risk posed to companies that are not the direct target of cyberattacks. Who could have predicted that an attack targeting Ukraine would simultaneously affect global shipping, a pharmaceutical company in the U.S., and a chocolate company in Australia? This type of risk event was unprecedented until the release of NotPetya in June 2017.
The attack on Maersk is an example of the law of unintended consequences when it comes to cyber. NotPetya’s impact on the shipping company illustrates the “Three R’s” of complex risks like cyber: robustness, resiliency, and redundancy.