The insurance company Aviva conducted a research about cyber risks and one of its main conclusions was:
“
… the research found that businesses are 67% more likely to have experienced a cyber incident than a physical theft and almost five times as likely to have experienced a cyber attack as a fire.
“
If the numbers are real and it not just a PR to sell more cyber insurance – then I think it is a landmark in the history of information security – a major “upward” step in the risks ladder, getting closer to certainty in the probability scale.
As I always say – much of our work in cybersecurity is not technical, it is fighting repression, the mentality pushback by humans we work with about dealing with digital risks, and this research may help us by having a statistical evidence that cyber risks are not accidental, they are intentional (be it either a personal or generic targeting) and they are bound to happen, to only question is if we will do something about it.