Lloyds Risk Index 2013: beware of people grinding axes
The third bi-annual Lloyds Risk Index is out. It shows that cyber crime has leapt from 12th to 3rd in the league table of perceived risks to industry over the last two years — and the security industry has not been slow to notice, although it clearly thinks it should be #1.
“Cyber risk is one of the three biggest concerns for CEOs and senior executives, according to an Ipsos survey for Lloyds Risk Index 2013,” starts the Computer Weekly report.
“Cybercrime is a top three concern for CEOs and other board level executives, according to the Lloyd’s Risk Index 2013, published this week,” starts ITProPortal.
There will be more, particularly as the security industry’s PR machine swings into action and journalists start to receive ‘industry comments’ explaining how abc’s xyz product solves this concern.
And of course we can expect William Hague and Iain Lobban to quote this statistic ad infinitum in support of government global surveillance as necessary and proportionate to protect British industry from foreign terrorist cyber threats.
But you know, it’s all remarkably arrogant. First we should ask ourselves, do we really think that these leaders of industry don’t understand the threats to their own industries? Then, assuming that in reality we should give them a little more credit than those vendors and government people who have a separate axe to grind, we should perhaps look at the full picture of industry concerns.
The biggest threat to industry — according to industry — is not cyber criminals and terrorists, but government itself. The #1 threat is high taxation. In joint 5th place come excessively strict regulation (which has mirrored almost precisely the rise of ‘cyber risk’) and ‘changing legislation’.
The traditional effects of cyber threats — those effects most quoted to justify higher spend on security product and greater tolerance of security legislation — are ‘reputational risk’ down at #13; ‘fraud and corruption’ down at #17; ‘theft of assets or intellectual property’ at #19; and ‘critical infrastructure failure’ at #22.
Either the leaders of industry don’t understand business, or maybe, just maybe, the cyber threat is being sexed up to justify the cyber war on people just as the WMD report was sexed up to justify the invasion of Iraq.