A risk is the probability that an undesirable event will occur, leading to negative consequences for a person, a company or an organisation, such as the failure to achieve an objective, a reduction in performance or the loss of an opportunity.
Cyber-risks thus refer to potential threats to computer systems and networks, including the data stored on these systems. These threats can take the following forms:
- Data breach: A data breach or leak involves the extraction of data from a computer system, thereby infringing the confidentiality of the system and the data it contains. This includes the voluntary or involuntary disclosure of data.
- Violation of data integrity: The correctness and consistency of the data are compromised.
- Unauthorised access: Data or a system is accessed by an unauthorised party.
- Remote access: A network or IT resource (such as data, an application or a system) is accessed remotely.
- Malware infection: Malware (short for “malicious software”) is an IT program designed to compromise the availability, integrity or confidentiality of an IT system.
- Social engineering: This is an activity that involves persuading a legitimate user, by exploiting their naivety or ignorance of the risks, to perform a step which compromises their system.
- Interruptions: The provision of a service or the production of goods is interrupted.
- Reputational damage: This is damage to the brand image or reputation of an organisation.