Cyber risk in the age of the drone

In December 2013, Amazon announced plans to launch Prime Air, a service to deliver small packages using flying drones. One day later, cyber security analyst Sammy Kamkar published details of SkyJack, “a drone engineered to autonomously seek out, hack and wirelessly take over other drones within Wi-Fi distance, creating an army of zombie drones under your control”. Kamkar’s idea was largely fanciful – it would be fairly easy to secure Wi-Fi access to drones – but it illustrates just how much digital risks have evolved.

In the past, the impact of cyber attacks was typically limited to individual companies or data systems. Individuals or organizations under attack might have a bad week, but they could generally execute business continuity plans, rebuild computers and use data from securely backed-up vaults.

Today, the risks of attacks on the Internet are more systemic in nature. Increased workforce mobility and the use of non-company-owned devices create additional security challenges and privacy risks. The use of Big Data creates challenges for global companies to reconcile methods of data analytics with local privacy regulations and the increased use of cloud computing continues to be of great concern for global companies based on certain jurisdictional requirements.

At the same time, the rise of the Internet of Things, which includes potential drone delivery service and other technologies, is blurring the lines between the virtual and physical worlds. Concepts such as the smart grid – the online connection and control of electrical power generation, transmission and use – are increasing the possibility of cyber attacks on essential infrastructure made of concrete and steel, potentially causing actual loss of lives and with dramatic consequences for economies.

Governments and corporations continue to develop their defenses against cyber attacks, but historically the advantage has always been with the attackers who benefit from initiative, anonymity and, at times, jurisdictional protection.

There is a growing risk that this imbalance will widen further as governments increasingly seek to assert control over the personal data of their citizens and to gain competitive advantage on the global stage through the militarization of the Internet. The cyber arms race as governments look to further national interests online is funding new hacking technologies while developing a global talent pool of potential cyber criminals. At the same time, companies are increasingly looking for ways to capture consumers in preferential areas, so-called “Magic Gardens” like Apple’s App Store, where they can extract a price premium.

These trends run the risk of further fragmenting the Internet, creating additional layers of complexity and, by association, cyber risk, and collectively suggest that cyber risks will continue to rise for the foreseeable future.

Recognizing this, it is imperative that the private and public sectors work together more closely to protect business and communities from cyber risks and leverage the benefits of the cyber world with confidence. This collaboration would need to be based on an in-depth understanding of the nature and evolution of the underlying risks and include a more integrated, cross-border response to cyber risks, moving away from a pure national security mind set.

For governments, that means closer cooperation with national peers and business, while corporations need to ensure that they integrate risk management methodologies and techniques into their business model. Individuals, meanwhile, need to be more aware of potential attacks and invest in anti-virus software and other measures to protect their private data.

Insurance companies, meanwhile, have a key part to play in quantifying cyber risk and developing the tools to identify, assess and offset such risks.

Read the Global Risks 2014 report.

Author: Axel P. Lehmann is Group Chief Risk Officer and Regional Chairman Europe at the Zurich Insurance Group.

Image: A member of the military works in the server room at an Air Force Base in Colorado Springs, United States, July 20, 2010. REUTERS/Rick Wilking