Latest news with #MarkStacey
Yahoo
5 days ago
- Business
- Yahoo
Financial impact from severe OT events could top $300B
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. The global financial impact from catastrophic cyber events that disrupt operational technology could near $330 billion on an annual basis, according to a report that industrial cybersecurity firm Dragos and professional-services firm Marsh McLennan released on Tuesday. The cost of business interruptions in such a scenario would exceed $172 billion, according to the report. Those estimated losses are based on a so-called 1-in-250-year tail event and factor in global supply-chain impacts and other related events. Dragos researchers say the indirect losses, including the impact from disrupting normal operations, are the concerns that many companies fail to account for. 'We see OT companies investing the majority of their cybersecurity budget on IT networks,' said Mark Stacey, VP, risk and resilience solutions at Dragos, adding that companies often assume OT functioning as normal when production is ongoing. 'The potential impact of business interruption (whether direct through adversary action or indirect to an abundance of caution) is often underestimated,' he says. In comparison, the average annual global risk, including business interruption claims, is $12.7 billion, the average global aggregated risk over the next 12 months is $31 billion. The financial analysis is based on 10 years of breach and insurance-claims data from Marsh McLennan's Cyber Risk Intelligence Center. The report provides insights into the risks facing operational technology, which has experienced an increase in attacks in recent years. Manufacturing and other critical infrastructure sectors are increasingly dependent on connected technologies, including the need for remote-access tools that are often connected to the internet. The report highlights how specific defense strategies can reduce overall risk. The three OT security controls most associated with risk reduction were maintaining a comprehensive incident-response plan, using defensible architecture and performing continuous monitoring to preserve visibility into a network In recent months, companies have reported significant financial losses from cyberattacks that affected their supply chains or their ability to conduct online transactions. British department store chain Marks & Spencer took a $400 million hit after a social-engineering attack linked to the Scattered Spider cybercrime group. The company on Monday confirmed that it had restored its online ordering service, months after the April cyberattack. United Natural Foods, the distributor for retailers including Amazon's Whole Foods chain, said last month that a cyberattack also linked to Scattered Spider would cost the company at least $350 million in sales. Recommended Reading 6 security experts on what cyberthreats they expect in 2023
Techday NZ
6 days ago
- Business
- Techday NZ
OT cyber incidents may cost up to USD $329.5 billion globally
A new industry report has estimated that operational technology (OT) cyber incidents could result in global financial losses of up to USD $329.5 billion in the event of a severe but plausible scenario, with business interruption accounting for a significant proportion of the projected losses. The study, conducted by Marsh McLennan's Cyber Risk Intelligence Centre, used a decade's worth of breach and insurance claims data to determine both the potential financial impact of OT cyber events and the OT security controls that most effectively reduce that risk. The findings suggest that business leaders, insurers, and security professionals should focus on implementing measurable risk reduction strategies in industrial environments. According to the report, indirect losses are a major concern, impacting up to 70% of OT-related breaches. The study models worst-case scenarios in which the global financial risk from such incidents reaches as high as USD $329.5 billion, more than half of which - an estimated USD $172.4 billion - would result from business interruption. Robert M. Lee, Chief Executive Officer and Co-founder of Dragos, commented on the findings: "Executives are increasingly accountable for managing cyber risks, but many still lack a clear line of sight into OT environments. The ability to quantify OT cyber risk and correlate it to potential financial losses is a game-changer. This report fills a critical gap by translating OT security into measurable financial risk and assessing controls aimed at mitigating that risk." The key OT cybersecurity controls found to be most strongly correlated with risk reduction are incident response planning (up to 18.5% average risk reduction), defensible architecture (up to 17.09%), and ICS network visibility and monitoring (up to 16.47%). The analysis leveraged tens of thousands of simulations, representing one of the first statistical attempts to connect specific OT controls with quantifiable financial loss reduction based on real-world data. Mark Stacey, Vice President, Risk and Resilience Solutions at Dragos, highlighted the importance of understanding OT cybersecurity in business and financial terms: "For years, organisations have lacked the context needed to understand OT cyber risk in business and financial terms. This study fills that gap, linking real-world financial data with OT-specific security controls. It gives executives, risk managers, and insurers the shared language and framework they've been missing to prioritise, invest, and insure with confidence." The report also examined persistent challenges organisations face in managing and insuring OT cyber risk. These include an undefined financial impact due to lack of quantifiable data, difficulties in measuring return on investment in OT security measures, and uncertainty in determining which controls should be prioritised. By mapping the SANS ICS Five ICS Cybersecurity Critical Controls to observed outcomes in industry data and insurance claims, the report aims to provide a practical risk management framework. This is considered particularly urgent as OT-focused malware threats are on the rise and as regulatory requirements, such as the United States Securities and Exchange Commission's Form 8-K cyber incident disclosure rules, become more stringent for publicly listed companies. Scott Stransky, Head of the Cyber Risk Intelligence Centre at Marsh McLennan, underscored the significance of translating the implementation of controls into measurable financial benefits: "This report offers new visibility into the financial modeling of OT risk and provides insurers and OT operators alike with the confidence to take action. By statistically linking controls to measurable risk reduction, organisations can better evaluate client readiness and make more accurate, risk-based coverage decisions." The research indicates that organisations across industrial sectors - such as electricity, manufacturing, oil and gas, water, transportation, mining, and government - stand to benefit from adopting data-driven approaches to OT risk management and demonstrating the financial efficacy of their security investments. The findings are presented as a resource intended to bridge the information gap for boards, risk executives, and underwriters working to align OT cybersecurity planning with demonstrable financial outcomes in a landscape of evolving digital threats and regulatory obligations.
Techday NZ
7 days ago
- Business
- Techday NZ
OT cyber incidents could cost USD $329.5b, report warns
Dragos, in partnership with Marsh McLennan's Cyber Risk Intelligence Centre, has published the 2025 OT Security Financial Risk Report detailing the potential financial impact of operational technology (OT) cyber incidents and controls. The report estimates that global risk exposure associated with OT cyber incidents could reach USD $329.5 billion in extreme scenarios. Notably, 70% of OT-related breaches are shown to result in indirect financial losses, which are often omitted by conventional risk models. Statistical modelling and financial impact The study applied a decade of breach and insurance claims data, using tens of thousands of simulations to create what is described as the first statistical model correlating OT security controls with financial loss reduction. This analysis indicates that, in a severe yet plausible event occurring once every 250 years, global OT cyber losses could total USD $329.5 billion, with OT-related business interruption accounting for USD $172.4 billion of that figure. Three OT security controls emerged as most correlated with risk reduction. Incident response planning could result in up to 18.5% average risk reduction, defendable architecture up to 17.09%, and ICS network visibility and monitoring up to 16.47%. Executives are increasingly accountable for managing cyber risks, but many still lack a clear line of sight into OT environments. The ability to quantify OT cyber risk and correlate it to potential financial losses is a game-changer. This report fills a critical gap by translating OT security into measurable financial risk and assessing controls aimed at mitigating that risk. These were the words of Robert M. Lee, Chief Executive Officer and Co-founder at Dragos, commenting on the implications of the report for executives seeking actionable guidance. Barriers to effective OT security The report identifies three prominent challenges hindering effective OT cyber risk management. These include the absence of clear financial impact data related to OT incidents, difficulties in demonstrating return on investment for OT security controls, and a lack of independent benchmarks to prioritise OT controls. For years, organizations have lacked the context needed to understand OT cyber risk in business and financial terms. This study fills that gap - linking real-world financial data with OT-specific security controls. It gives executives, risk managers, and insurers the shared language and framework they've been missing to prioritize, invest, and insure with confidence. This was noted by Mark Stacey, Vice President, Risk and Resilience Solutions at Dragos. Regulatory pressures and industry standards The publication of the report comes at a time of growing regulatory attention to OT security, including the introduction of rules such as the US SEC's 8-K cyber incident disclosure requirements. The analysis represents one of the first large-scale efforts to map the SANS ICS Five Critical Controls directly to risk reduction percentages, using real-world data. By providing statistical links between specific controls and measurable risk reduction, the report aims to support both OT operators and insurers in evaluating organisational readiness and making risk-based coverage decisions. This report offers new visibility into the financial modeling of OT risk and provides insurers and OT operators alike with the confidence to take action. By statistically linking controls to measurable risk reduction, organizations can better evaluate client readiness and make more accurate, risk-based coverage decisions. Scott Stransky, Head of the Cyber Risk Intelligence Centre at Marsh McLennan, explained how the framework may benefit both the insurance sector and OT security decision-makers. The Dragos 2025 OT Security Financial Risk Report positions itself as a resource for risk executives, (re)insurers, and security leaders seeking quantifiable approaches to managing OT cyber risks and prioritising key security controls in accordance with current sector demands and regulatory frameworks.
Yahoo
17-06-2025
- Sport
- Yahoo
Hodder strikes sensational 165 to help Swanage to nail-biting win
SWANAGE'S 'star' all-rounder Ben Hodder played an extraordinary innings of 165 not out off just 140 balls - this included 31 boundaries, seven of which were maximums, to help his team record an incredible nail-biting victory in the last over. After losing the toss on a beautiful, sun-kissed afternoon at Days Park - unsurprisingly, Mark Stacey's side found themselves in the field against Marnhull in their latest Premier Division 2 encounter. The visitors got-off to a 'flying-start' - making use of the first 10-over Powerplay, however, when Stacy introduced his two main slower bowlers Charlie Dyke and Pete Richards - the hosts were able to build some pressure (especially, as they both not only bowled with fantastic control, but also, claimed vital wickets). The hosts were, then, hampered by the loss of a key bowler - who damaged his finger going for a catch. Despite this, Swanage's other change-bowlers - James Harding and Harry Long, also, bowled with great consistency too. Harding took a brace of wickets as the visitors recorded 345-7 from their 60 overs. In reply to this mammoth score, the hosts recovered from the loss of an early wicket with a half-century stand between Stacey & Hodder and despite Stacey being brilliantly caught for a quick-fire 32, the momentum of the innings was maintained by Tom Wells - who smashed 48 with a strike-rate of over 100. Hodder was, then, joined by Dan Salmon - who played some ferocious shots (particularly square of the wicket). These three cameo-innings had kept the hosts in with a chance - especially, because they only had 50 overs in which to reach this huge total and despite losing two quick wickets Hodder remained. He was, then joined by Matt Beard and at this point 140 runs were still needed off 14 overs. But together they managed to hit the required two boundaries an over and keep-up with the required run-rate. Until it got the stage where the hosts needed 11 runs off the final seven balls, at which point, Hodder hit the biggest six of his innings. Beard then scored his 35th run to simply get Hodder back on strike, and fittingly, he drove the next ball straight back past the bowler to complete a truly phenomenal innings/run-chase. Also on Saturday, the 2nd XI travelled to their Marnhull counterparts in Division 4. The visitors batted first and recovered from a poor start (32-3), with a half-century partnership between Ben Allatt & Sam Wells. However, when they were both dismissed in quick-succession for 51 and 24 respectively the game remained in-the-balance at 107-5. Despite this, Michael Barry and Mike Nash firstly consolidated the innings and, then flourished towards the final overs with an important stand of 77, until Nash, who also made 24 was dismissed. But Barry remained undefeated on a run-a-ball 63 - which included smashing the last ball of the innings to the boundary (his 9th) to enable the visitors to reach the respectable total of 216-7 off their 40 overs. In reply, the hosts got off to a brilliant start reaching 103-0. Despite this, the game changed with the introduction of Andrew Hancock's off spin. He not only broke this partnership but also bowled with fantastic changes of pace. He went on to complete an incredible five wicket-haul and along with the returning Ryan Stearn & Wells helped restrict the hosts to 151 all out - after being 138-2 at one stage. This puts the team in a positive frame-of-mind for this weekend's top-of-the-table clash against Winton at Days Park. As well as that, the 3rdXI were involved in (another) nail-biting finish on the Nursery Ground at Days Park in Division 5. The hosts batted first made a very respectable 237-6 from their 40 overs. With the stand-out performers being Chris Wood (61), Geoff Willcocks (64 not out), Tony Fowle & Josh Gould. In reply, Poole kept-up with the run-rate, despite some excellent bowling by Mark Savage & Alan Marks - who claimed three and two wickets respectively. Unfortunately for the hosts, one of Poole's up and coming young 'stars' came out and hit the last ball of the match for six to register a three-wicket win - in what was an exceptional game of cricket.
