Spring | Law
65 Chandos Place
London
WC2N 4HG
T: +44 (0) 20 7395 4870
F: +44 (0) 20 7395 4871
W: www.springlaw.co.uk
/company/spring-law
@SpringLawUK
Spring | Risk
Managing Risk – The Board & Cyber Security
2016 is already shaping up to be the year when cyber risks are a rolling news story. In most industries, cyber risk
continues to rise as company operations become more reliant on technological advancements in order to reach wider
markets, faster. The risks to companies are becoming more complex and are aggressively evolving, exponentially
increasing vulnerabilities across most sectors. Whether highly targeted or entirely random, cyber-attacks threaten
business operations and data security, which increases the company’s exposure to liability, with equally severe
consequences for business reputation. This should be a signal to boards of companies of all sizes that if cyber risk and
security are not at the top of the agenda, they are behind the mark.
Market indicators are pointing to 2016 being the tipping point for cyber risk. A risk consultant and Institute of Risk
Management Board member recently said “in 2016, we will enter a new phase in the war against cybercrime.”
Companies will be unable to maintain a passive stance where cyber risks are an abstract threat ‘out there’ that can be
controlled simply by buying a piece of software or changing passwords monthly. The pressing need is for companies to
assess and control risks by actively seeking them out before they are left with crisis management/disaster recovery as
their only response.
A recent survey by HM Government on Internet Security Breaches showed that 90% of large organisations
and 74% of small businesses suffered a security breach within the last year; the worst breaches caused £1.46m -
£3.14m and £75k - £311k worth of damage respectively. These losses are up from the previous year and are expected
to continue to rise in the future. The important question for companies now is not ‘what happens if there is a breach?’
but ‘what is the plan for when there is one?’
Cyber resilience is about managing the risk in a focused and practical way. Management teams should take the time to
clarify their ‘crown jewels’, the information, property or assets which are at the heart of the business. This will vary, of
course, but may include intellectual property, customer and client information, employee data and records, financial
data, patents or source code. Once the ‘crown jewels’ are identified the business needs to weigh up the risks of losing
them against the cost of various levels of protection for them. This will typically include a combination of hardware,
software, staff training, and process-driven monitoring.
Those responsible for the oversight of departments should be reporting information about risk developments directly
to the board; this accountability factor is crucial to the development of a sustainable risk culture. A fully
informed board will be able to implement policies and procedures effectively, whether for employee training or
incident response. Systems, policies and procedures will need to be regularly monitored and updated to reflect
changes or advancements in risks, and insurance should be sought to increase protection and maximise the
opportunities for de-risking the business.
However, it’s not all doom and gloom. Boards and company executives who appreciate the potential magnitude of
these risks and embrace cyber resilience within their risk culture will be better placed to take advantage of
ever-changing technology advancements. This will drive business growth whilst minimising the financial and reputational
damage of any security breaches in the future.
