In our rapidly evolving digital environment, cyber crime is rapidly outstripping other kinds of physical crime. The recent 2018 annual security survey from PwC.com highlighted the business vulnerabilities of living in an increasingly interconnected world. 
The survey identifies security risks for businesses and other organizations, and these include disruptive cyber attacks, theft of data, impersonation of company officers and other hidden risks. If businesses want to protect their assets and reputations, expanded security systems are essential to deal with increasingly sophisticated criminals, state-sponsored hacks and risks from the emerging Internet of Things and wearable devices that monitor your environment and health. Only 44 percent of the survey’s respondents of 9,500 executives admit that their corporate boards participate in developing security strategies, but that needs to change in a rapidly evolving digital society where security threats increase exponentially.
What are Business Vulnerabilities to Cyber Attacks?
Cyber crimes have advanced to become the second most reported financial crime and now affect 32 percent of companies and organizations.  Businesses, governmental agencies at all levels and civic organizations face common vulnerabilities to hacks, thefts and compromised data. Massive security breaches grow increasingly common as business reliance on data, mobile workforces and interconnectivity become ubiquitous. Current business vulnerabilities in the digital ecosphere include:
1. Not Understanding and Underestimating the Threats
Security risks often remain hidden from casual inspections, and many companies underestimate their vulnerabilities to attacks. Common security threats include:
- Data losses
- Compromised data
- Failure to comply with regulations
- Attacks against customers or company stakeholders
- Denial of service
- Threats to company decision-makers
- Digital impersonations of C-suite executives and managers
- Social engineering attracks
- Threats to the security of a company’s digital domains
- Cyber physical threats and incidents
- Hacktivist threats
2. No Prioritized Security Policy
If your company doesn’t have a strong cyber security policy in place, the risks of attacks grow rampant. Each employee could be an inadvertent or deliberate threat. Your policies–at a minimum–should include the following cyber security best practices:
- Identifying unauthorized activities
- Defining and managing the risks that vendors and other stakeholders generate
- Protecting company data digitally and physically
- Simulating risks and responses to speed dealing with common threats
- Analyzing risks that arise from remote access
- Developing seamless security policies, procedures and oversight scenarios
3. Ignoring the HR Factor
Human resources can be among your greatest assets and biggest threats in the war on cyber threats. Your employees need to understand that they bear responsibility for security issues, and regular training and seminars in security practices are essential. Security threats can arise from abuses of privilege, mishandling data, using unapproved software, failing to secure computer stations, bringing unapproved hardware to the office, misusing email, employing unapproved workarounds and abusing proprietary knowledge for personal gain.
Other Common Vulnerabilities to Cyber Attacks
You can’t underestimate the risks of cyber attacks or the potential damage they can do. A recent high-profile cyber attack removed $1 billion from banks worldwide, and the total financial damage of cyber crimes exceed $575 billion USD.  Existing business vulnerabilities also include many other cyber threats such as the following digital hazards:
- Exposure of sensitive or confidential data
- Reuse of credentials
- Not understanding compliance and security issues
- Allowing employees to bring their own devices to work without adequate security policies
- Not requiring password protection of computers at all times
- Failure to implement standards for passwords and require them to be changed regularly
- No recovery plan in place for dealing with attacks
- Failure to consider evolving risks
Potential Digital Threat Scenarios in the Near Future
Increasingly intelligent artificial intelligence, or AI, systems can easily compromise security and generate heightened threats in the future. AI can be both a problem and a solution for companies dealing with cyber threats. That’s why scenario planning and threat assessments are essential parts of the planning process.
Scenario planning was first developed by military planners as ways to deal with possible military threats.  Cyber security planners can use the same approach to identify risks and prepare solutions. For example, security specialists might ask the following questions when planning security strategies:
- How might the IoT be used to compromise our company’s market position and future earnings?
- Do our wearable devices generate any security issues?
- How could hacktivists compromise our ability to meet compliance guidelines?
- If AI can accurately predict human behavior, what might the consequences be?
- What might happen if consumers refuse to go online because of the security risks?
- Could the IoT and wearable devices create a fully realized version of “Big Brother?”
Cyber Risks of the IoT and Wearable Devices
The future holds many cyber threats, but companies can begin preparing now to defeat anticipated breaches and new threats from wearable devices and the Internet of Things, or IoT. Data usage will only continue to expand, and the IoT and wearable devices will introduce new vulnerabilities. Marketing automation and CRM systems will also expose customer data to hackers. Companies also run risks from their business partnerships, prospect pipelines and customer-facing digital applications.
A recent class action lawsuit illustrates the risks that the IoT and wearable devices generate. The lawsuit alleges that eClinicalWorks, an electronic health record company, failed to provide reliable health information that doctors and patients both relied on for medical treatments. The vendor failed to meet certification requirements according to the nearly $1 billion lawsuit.  The company agreed to a $155 million settlement, but that’s only the tip of the potential financial costs.
These kind of data breaches cost far more than any settlement because they damage a company’s reputation, generate legal fees and compromise future earnings. That’s why it’s so critical for companies to develop stronger security practices and resiliency in the face of evolving cyber threats.
Data sabotage is a big threat in the future as companies realize the benefits of damaging their competitors. Attacks on data integrity can alter employee records, credit scores and bank account information. News reports can be manipulated to provide false information about company earnings, voter polls and other news affecting the world’s investment markets.
Dealing with Future Cyber Risks
The best policies for dealing with future threats are to remain vigilant, train employees in security best practices, create scenarios for attacks and find solutions for real-world threat assessments. Full-scale simulations can test your security protocols and determine where weaknesses exist.
Other cyber risks of the future include expanded physical threats from the IoT. Terrorists and criminals can get control of automated systems in cars, homes and brick-and-mortar businesses. Vehicles can be sent out of control or forced to crash into other vehicles or buildings. Disabled people can be subjected to extreme temperatures by turning off the heat in winter or the air conditioning in summer. 
The realities of current and future threats are probably more complex than estimated. No solution can be expected to go precisely according to plan, so developing flexibility and resilience in your security policies is essential. It will take some time and expense to strengthen your security practices and train your employees, but the results could increase your company’s value, attract security-conscious customers and generate peak economic performances for years to come.
 Pwc.com: The Global State of Information Security® Survey 2018 Heimdalsecurityblog.com: 10+ Critical Corporate Cyber Security Risks – A Data Driven List Resources.infosecinstitute.com: The Top Five Cyber Security Vulnerabilities Techrepublic.com: Cybersecurity in 2020: The future looks bleak Bankinfosecurity.com: $1 Billion Lawsuit Focuses on EHR Data Integrity Concerns Cyberfeason.com: The future of security: A combination of cyber and physical defense