The next black swan event will come from cyberspace

First, let’s just make sure we’re all on the same page. A black swan event is not something involving Natalie Portman or Mila Kunis.

A black swan event usually has three main characteristics:

  • It is rare or hasn’t happened before, and comes as something of a surprise.
  • It has an extreme impact on society and is outside our usual experience.
  • It has retrospective predictability through the use of hindsight.

The theory was popularized by Nassim Nicholas Taleb in his book The Black Swan.  If we distil the theory it goes something like this: think about a swan. What colour is it? You’ve probably imagined a white swan. While most swans are white, some are black. The notion that some swans are black comes as something of a surprise. However, now with the benefit of hindsight, you begin to think that it isn’t that much of a surprise after all.

Can we have some examples, I hear you say. Of course. Some of these are from my own grey matter and some are gleaned from the Internet:

  • The rise of the motor car
  • The creation of the Internet
  • Global warming
  • 9/11
  • The financial collapse of 2008
  • The rise of the Internet of Things.

(By all means get in touch and let me know what you think could be potential ‘black swans’ of the future.)

The chairman of the International Organisation of Securities Commissions (Iosco), Greg Medcraft, speaking to the FT last Sunday, said that ‘the next black swan event will come from cyberspace. It is important we pay attention’. I paid attention.

Medcraft is directly referring to a financial shock, and we all know from experience of the last financial disaster that it would permeate all corners of society and affect individuals as much as large financial institutions.

In a report published by Iosco last year it was claimed that 53% of 2012’s financial exchanges were targeted by attacks, but these attacks were designed to disrupt and were not focused on financial gain. That report was from two years ago, though, and you’d be foolish to believe that cyber criminals still weren’t interested in or seeking out ways to extract huge financial gains from cyber attacks.

I’m not suggesting a scenario akin to the plot of Die Hard IV (and for those of you who haven’t seen it, why not?), but our reliance on and interconnectivity with the Internet means there are more and more opportunities for cyber criminals every day.

Neira Jones, Independent Advisor, former Head of Payment Security at Barclaycard and recent speaker at our event on cyber security, highlighted that the problem is often keeping pace with the cyber criminals. “Where it becomes tricky is the sheer pace at which cyber crime advances and the notable disconnect between IT, information security, fraud and business imperatives.

“I would say the first step is to understand what assets are of interest to criminals and get all stakeholders involved to determine the risk appetite.”

Iosco recommends that organisations implement international security standards such as ISO27001. You can learn more about ISO27001 here >>

As Columbo used to say, “One more thing…”

If you woke up tomorrow morning and found that the London Stock Exchange had suffered a huge cyber attack, would you be surprised? I imagine you would at first. The rolling news would only help in spreading the panic and showing how the repercussions would have an impact on everyone from FTSE100 companies to Barry, the man who delivers your veg box. Then a short while later you’d probably remark to friends that this was bound to happen sooner or later.


Financial Times on Sunday

SC Magazine