Though they aren’t yet saying which sectors will get scrutiny first, several stand out as especially exposed to risk from a cybersecurity crisis: The defense-industrial industry, financial sector, health care and critical infrastructure operators like energy, water, waste management and first responders all are considered high-risk categories.
Risks related to cyberattacks today aren’t as linear as simple costs associated with cleaning up a breach, paying for credit monitoring or replacing fried computers. Companies that don’t fall into these categories — for instance, Equifax — can see their core businesses heavily damaged, which is why the Cyber Risk Group also will focus assessments on reputational hazards.
“We’re looking into different types of scenarios, to get into the details of what might affect certain companies,” he said.
“If you look at the history of data breach and data disclosure issues, they’re not quite as impactful as the business disruption events,” Vadala…
