Chief Risk Officers and CISOs from 25 of our customers & friends debated their SMART objectives for 2020. Here's the results, showing who to involve and how to report progress on cyber risk across 3rd parties during 2020.
Falcon Invoice Discounting: The best investment platform in india for investors
Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020
1. Cyber Risk
Monitoring
for Chief Risk Officers
Decisions made in Mizuho’s Boardroom by 25 CROs & CISOs about how
to drive Operational Resilience in 2020 through better 3rd Party Risk Management
2. We brought together 25 CROs and CISOs
2
To debate how to monitor cyber risk at suppliers in 2020
Bank of China Bank of England PRA
FSCS ILAG Raphaels Bank
Deutsche Bank JP Morgan Reassure
Brit Bus. Bank LendInvest Rothesay Life
Citibank Facebook Rothschild Bank
CAF Bank Oak North Shawbrook Bank
Bottomline Pay.UK Turkey Bank
Met Friendly QBE Insurance Westpac Group
Leaders from these firms debated their plans for 2020, in anticipation
of the PRA consultation on Outsourcing & 3rd Party Risk Management.
3. We held a Structured Debate via a Simulation
3
Our 25 CROs & CISOs were appointed to a hypothetical organisation
Congratulations!
You’re now in charge of monitoring cyber risk across the
extended enterprise at “ACME Financial”
4. Decisions to be made by 25 CROs and CISOs
4
Our 25 experts broke into 5 groups to address these 4 questions
1) WHAT to call their project, to monitor & mitigate cyber risk
across their Outsourcing & 3rd Party suppliers during 2020
2) WHO to include in the project team that will monitor cyber risk (job titles)
3) WHEN to achieve key milestones (SMART objectives) in the project
4) HOW to report the live cyber risk today, on each supplier
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
5. Sample suppliers used for the Simulation
5
Our CROs and CISOs pretended that these 10 companies supply ACME Financial
Adecco Concur Dentons G4S Gemalto
Recruitment Expense Management Legal Security Information Services
Metsi Pega Skanska Sungard Workday
IT Services Customer Relationship Management Construction Business Continuity ERP
6. Expert Insight 1: WHAT to call your Project
6
“To measure, monitor & mitigate 3rd party risk in 2020”
VENDOR
7. Outsourcing & 3rd Party Risk Management
7
Context: draft Supervisory Statement published on 5th December 2019
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
“Banks should
gradually build an
Outsourcing
Register which
should be complete
by 31 Dec 2021.”
“Online, real-time
reporting tools are
strongly
encouraged.”
Outsourcing & 3rd Party Risk Management
7
Context: draft Supervisory Statement published on 5th December 2019
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
“Banks should
gradually build an
Outsourcing
Register which
should be complete
by 31 Dec 2021.”
“Online, real-time
reporting tools are
strongly
encouraged.”
8. 8
Expert Insight 2: WHO is in your team?
“To measure, monitor & mitigate 3rd party risk in 2020”
Our experts debated WHO should be in their team to measure,
monitor & mitigate cyber risk across their 3rd Parties.
9. 9
Expert Insight 2: WHO is in your team?
“To measure, monitor & mitigate 3rd party risk in 2020”
10. 10
Expert Insight 2: WHO is in your team?
“To measure, monitor & mitigate 3rd party risk in 2020”
CEO COO
3rd Party Oversight
Provider
Chair Risk Committee Product Commercial
CFO CRO
Compliance /
Financial Crime
Operational Resilience Contracts Procurement
CIO CTO Business + Operations Operational Risk DPO
Supplier
Relationship
CISO Auditor Communications Business Continuity Legal Project Manager
11. 11
Expert Insight 2: WHO is in your team?
“To measure, monitor & mitigate 3rd party risk in 2020”
CEO COO
3rd Party Oversight
Provider
Chair Risk Committee Product Commercial
CFO CRO
Compliance /
Financial Crime
Operational Resilience Contracts Procurement
CIO CTO Business + Operations Operational Risk DPO
Supplier
Relationship
CISO Auditor Communications Business Continuity Legal Project Manager
Delegates named 24 JOB TITLES they wanted in their Project Team for 2020.
But some titles received just 1-2 votes, eg “CEO” nominated only by Caleidoscope,
“CFO” was nominated only by ScreamCastle.
12. 12
Expert Insight 2: WHO is in your team?
“To measure, monitor & mitigate 3rd party risk in 2020”
Delegates named 24 JOB TITLES they wanted in their Project Team for 2020.
But some titles received just 1-2 votes, eg “CEO” nominated only by Caleidoscope,
“CFO” was nominated only by ScreamCastle.
11 people should be in your team, said Caleidoscope, See2020 & ScreamCastle.
Project Tango suggested 12 individuals, while Hawkeye said 8 individuals.
The 11 job titles that most experts thought should be in the Project Team were:
CRO; COO; CISO; CTO; DPO; Legal; Procurement/Contracts; Project Manager.
Operational Resilience; 3rd Party Oversight Provider; Communications.
13. 13
Expert Insight 2: WHO is in your team?
“To measure, monitor & mitigate 3rd party risk in 2020”
The 11 job titles that most experts thought should be in the Project Team were:
CRO; COO; CISO; CTO; DPO; Legal; Procurement/Contracts; Project Manager.
Operational Resilience; 3rd Party Oversight Provider; Communications.
One team grouped their project
members into a hierarchy,
with reports pushed up to the
C-Level from project managers
In operational resilience.
14. 14
Expert Insight 2: WHO is in your team?
“To measure & mitigate cyber risk across 3rd parties”
We are honoured to be the “3rd Party Oversight Provider” to some of you already.
We recommend: have 1 person in your 2nd line “own” your Cyber Risk Dashboard, with
monthly exception reports to C-Level. Then let suppliers view themselves on Dashboard.
15. Decisions to be made by 25 CROs and CISOs
15
Our 25 experts broke into 5 groups to address these 4 questions
1) WHAT to call their project, to monitor & mitigate cyber risk
across their Outsourcing & 3rd Party suppliers during 2020
2) WHO to include in the project team that will monitor cyber risk (job titles)
3) WHEN to achieve key milestones (SMART objectives) in the project
4) HOW to report the live cyber risk today, on each supplier
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
16. 3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
Our experts debated WHEN to achieve key milestones to
measure, monitor & mitigate cyber risk across their 3rd parties,
by setting SMART objectives.
16
17. 17
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
• Specific Goal is to Understand +
Improve Critical 3rd Party Risk
• Measured inline with Risk Appetite,
with MI, Audits, Scorecard, TI
• Achieved through monthly reviews of
risk-based priorities
• Relevant Scorecard reported to Exco
on suppliers outside risk appetite
• Timed to achieve goal in 12 months
18. 18
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
Q1:
• Define Appetite
• Identify & Prioritise key suppliers
(risk based)
Q2:
• Assess Cyber Resilience of Key
Suppliers
• Manage / Remediate
• Ongoing Monitoring & Reporting
19. 19
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
Q1:
• Define Appetite
• Identify & Prioritise key suppliers
(risk based)
Q2:
• Assess Cyber Resilience of Key
Suppliers
• Manage / Remediate
• Ongoing Monitoring & Reporting
20. 20
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
21. 21
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
Concur
Metsi
Skanska
WorkDay
Gemalto
Dentons
Adecco
22. Decisions to be made by 25 CROs and CISOs
22
Our 25 experts broke into 5 groups to address these 4 questions
1) WHAT to call their project, to monitor & mitigate cyber risk
across their Outsourcing & 3rd Party suppliers during 2020
2) WHO to include in the project team that will monitor cyber risk (job titles)
3) WHEN to achieve key milestones (SMART objectives) in the project
4) HOW to report the live cyber risk today, on each 3rd Party and supplier
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
23. 23
4: HOW to report live risk by Supplier?
“To monitor & mitigate cyber risk across suppliers in 2020”
23For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
24. 24
4: HOW to report live risk by Supplier?
“To monitor & mitigate cyber risk across suppliers in 2020”
25. 25
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
26. 26
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.ukFor your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
27. 27
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.ukFor your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
28. 28
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.ukFor your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
29. 29
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.ukFor your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
30. 30
3: WHEN to achieve key milestones
“To monitor & mitigate cyber risk across suppliers in 2020”
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.ukFor your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
31. Continuous Monitoring of our key suppliers
Barrie Millett, Group Head of Operational Resilience, Wesleyan Group
31For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
Bank of England - CQUEST
32. Continuous Monitoring of our key suppliers
Barrie Millett, Group Head of Operational Resilience, Wesleyan Group
32For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
33. Decisions to be made by 25 CROs and CISOs
33
Our 25 experts broke into 5 groups to address these 4 questions
1) WHAT to call their project, to monitor & mitigate cyber risk
across their Outsourcing & 3rd Party suppliers during 2020
2) WHO to include in the project team that will monitor cyber risk (job titles)
3) WHEN to achieve key milestones (SMART objectives) in the project
4) HOW to report the live cyber risk today, on each supplier
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
34. And the Winning Team is… Hawkeye!
“To measure, monitor & mitigate 3rd party risk in 2020”
35. Turn your Insights into Action
35
Kevin.Duffey@CyberRescue.co.uk
Hold the date: 21st Jan at 2pm:
Managing Cyber Risk at 3rd Parties by
Implementing the PRA’s draft Supervisory Statement
expectations on Outsourcing Registers, with “Online, real-time
reporting tools” that are “strongly preferred”
36. Turn your Insights into Action
36
Kevin.Duffey@CyberRescue.co.uk
For more insights like this, go to:
www.linkedin.com/company/cyber-rescue-alliance/
For your cyber dashboard, email Lewis.Varga@CyberRescue.co.uk
Notes de l'éditeur
Cyber Risk Monitoring for Chief Risk Officers - with UK Finance and 25 banks
22 Banks, 4 Insurers and 3 other financial institutions sent their CRO, CISO and Operational Resilience leads to participate in this review of how to measure & monitor cyber risk across the extended enterprise.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
Hello and welcome.
I’m Ian Burgess, Head of Cyber Policy at UK Finance, the official trade body of Britain’s banks and financial services sector.
I’m delighted to be hosting this event, with Kevin Duffey, CEO of the Cyber Rescue Alliance.
Thank you for participating, under Chatham House rules. There are no fire drills planned for today. If the alarm goes off, please leave the building calmly, using the stairs that are clearly marked outside this boardroom.
Cyber Attacks threaten operational resilience & reputation.
So Chief Risk Officers need timely and objective insights, to drive evidence-based discussions in the Boardroom.
Today is an opportunity to to share insights with our peers.
Your votes and conclusions will be recorded anonymously, and made available so you can share with colleagues.
Kevin will explain how we will encourage interaction.
We’ve just started using the automated workflows that come with the dashboard, to
- send our bespoke questionnaire
- to all the key individuals
- as frequently as we need
- with automated reminders and scoring
This is a preview of the new Bank of England, PRA/FCA questionnaire, CQUEST in the platform.
For all of the 48 questions, we and our suppliers can just indicate on the left, the level of maturity we have against that particular control.
A for a high maturity. D for a low maturity.
But the fabulous thing is that the questionnaire provides external measurement to supplement the self-reported score.
I won’t go into the detail now, but the point is that it’s possible to move to evidenced-based discussion, relying on objective measurement rather than just an honor system.
We’re all on a journey to improve operational resilience, so let me hand back to Kevin Duffey, to drive our conversation forward.