Cyber and Environmental Risks
Cyber Attack Types
Roll a d20 to determine what type of cyber attack threatens your organisation. Each entry describes a common cyber risk and how it manifests.
| Roll (d20) | Cyber Risk | Description |
|---|---|---|
| 1 | Phishing Attacks | Cybercriminals trick employees into revealing sensitive information. |
| 2 | Ransomware | Malware encrypts company data, with attackers demanding payment for release. |
| 3 | Insider Threats | Disgruntled employees or contractors compromise company systems or data. |
| 4 | DDoS Attacks | Overwhelming traffic floods company servers, causing downtime. |
| 5 | Outdated Software | Unpatched software allows attackers to exploit known vulnerabilities. |
| 6 | Third-Party Breaches | Data breaches at third-party vendors compromise company data. |
| 7 | Password Attacks | Attackers use brute-force or dictionary attacks to crack weak passwords. |
| 8 | Misconfigurations | Poorly configured systems leave data exposed or accessible to attackers. |
| 9 | IoT Device Vulnerabilities | Insecure IoT devices offer entry points for attackers. |
| 10 | Social Engineering | Attackers manipulate employees into divulging sensitive data or access. |
| 11 | Advanced Persistent Threats (APTs) | Targeted, stealthy, and long-term cyber-espionage campaigns by adversaries. |
| 12 | Zero-Day Exploits | Attackers exploit previously unknown vulnerabilities in software. |
| 13 | Supply Chain Attacks | Compromised software or hardware components infiltrate company systems. |
| 14 | Data Leakage | Sensitive data is accidentally or intentionally exposed. |
| 15 | Shadow IT | Unapproved and unmanaged IT systems used by employees pose security risks. |
| 16 | Human Error | Employee mistakes, such as misdirected emails, lead to data exposure. |
| 17 | Malvertising | Malicious ads distribute malware or direct users to malicious sites. |
| 18 | Credential Stuffing | Attackers use stolen credentials to access multiple systems or accounts. |
| 19 | Mobile Device Vulnerabilities | Insecure mobile devices or apps expose company data or systems. |
| 20 | Business Email Compromise (BEC) | Fraudulent emails deceive employees into sending money or data to attackers. |
Environmental Risks from Operations
Roll a d20 to determine what environmental risk arises from your organisation's operations. Each entry describes a type of environmental impact and its consequences.
| Roll (d20) | Environmental Risk | Description |
|---|---|---|
| 1 | Air Pollution | Company operations release harmful pollutants into the atmosphere, contributing to air quality degradation and potential regulatory penalties. |
| 2 | Water Pollution | Discharge of untreated wastewater or chemicals into water bodies, affecting water quality, ecosystems, and human health. |
| 3 | Soil Contamination | Release of hazardous substances into the ground, potentially damaging ecosystems, agriculture, and causing long-term health risks. |
| 4 | Deforestation | Clearing of forest land for company operations, leading to habitat destruction, loss of biodiversity, and contributing to climate change. |
| 5 | Overuse of Resources | Unsustainable extraction or consumption of natural resources, leading to depletion, price fluctuations, and negative environmental impacts. |
| 6 | Greenhouse Gas Emissions | Release of CO2 and other greenhouse gases from company operations, contributing to climate change and potential regulatory penalties. |
| 7 | Ozone Depletion | Release of ozone-depleting substances, contributing to the depletion of the Earth's ozone layer and increased UV radiation exposure. |
| 8 | Biodiversity Loss | Company operations lead to habitat destruction or disruption, contributing to the decline or extinction of plant and animal species. |
| 9 | Noise Pollution | Excessive noise generated by company operations, affecting local communities, wildlife, and potentially resulting in regulatory penalties. |
| 10 | Waste Generation | Production of large amounts of solid, liquid, or gaseous waste, which may be difficult to manage, dispose of, or recycle, leading to pollution risks. |
| 11 | Energy Inefficiency | Inefficient use of energy in company operations, resulting in higher costs, resource depletion, and increased greenhouse gas emissions. |
| 12 | Chemical Spills | Accidental release of toxic or hazardous chemicals, causing immediate and long-term environmental and health risks. |
| 13 | Environmental Disasters | Company operations contribute to or exacerbate natural disasters (e.g., landslides, floods, or earthquakes), leading to widespread damage and liability. |
| 14 | Invasive Species Introduction | Company operations inadvertently introduce invasive species into new environments, disrupting ecosystems and causing economic and environmental damage. |
| 15 | Water Scarcity | Overuse or contamination of water resources, leading to water scarcity, impacting local communities, agriculture, and company operations. |
| 16 | Climate Change Vulnerability | Company infrastructure and operations are at risk due to the impacts of climate change, such as extreme weather events, sea level rise, or changing weather patterns. |
| 17 | Non-compliance with Environmental Laws | Failure to comply with local, national, or international environmental regulations, resulting in fines, penalties, and potential operational disruptions. |
| 18 | Ecosystem Service Disruption | Company operations disrupt or degrade vital ecosystem services (e.g., pollination, carbon sequestration, or water purification), leading to environmental consequences. |
| 19 | Supply Chain Disruption | Environmental risks in the company's supply chain, such as resource scarcity or regulatory changes, leading to increased costs or operational disruptions. |
| 20 | Reputational Damage | Company is perceived as environmentally irresponsible, leading to reputational damage, loss of customers, and potential divestment from investors. |