© 2012 Harvard Business School Publishing. Created for Harvard Business Review by BullsEye Resources www.bullseyeresources.com
November 27, 2012
featuring Mark Fishleigh, Jérôme Gossé, Julia Graham, and Andrew Horrocks
Meeting the Cyber Risk Challenge
WEBINARS
www.hbr.org
OVERVIEW
Even as cyber attacks increase in frequency, scope, and sophistication—and regulators impose
harsher penalties for lack of regulatory compliance and loss of sensitive data—many companies
are still not devoting sufficient strategic focus to these threats.
In an era where digital information and technologies are part of everyone’s life, organizations
must improve their institutional preparedness to protect against, monitor, and respond
to cyber threats and losses, which are inadequately covered by traditional liability insurance.
Every firm needs leadership, planning, and training that extends beyond IT to encompass every
stakeholder who owns information assets.
CONTEXT
Four information security experts discussed the growth in cyber attacks, how organizations can
better prepare, and the role of insurance.
Key learnings
In our digitally interconnected world, cyber security is a rising concern.
From stolen Sony PlayStation accounts to compromised credit cards and health records, data
breaches are becoming all too frequent. Changing threat levels, increased supply chain integration,
and greater stakeholder demands are some of the challenges that businesses face today.
The Information Security Forum defines cyber security as:
The organization’s ability to secure its people, information, systems, and reputation in cyber space.
Beyond embarrassment, companies face financial damage, competitive inroads, and significant
regulatory sanctions when confidential information is inadequately protected.
Cyber threats arise from a variety of sources, many of which are extremely sophisticated:

| Attacker | Threat | Intent |
|---|---|---|
| Hackers | Targeted websites, denial-of-service (DOS), commercial malware | Thrills, bragging rights, vandalism |
| Activists | DOS, targeted attacks | Reputational damage, vandalism, publicity |
| Organized crime | Information theft, insider-assisted data loss | Financial gain, fraud |
| Industrial spies | Theft of strategic or product information | Commercial advantage |
| State-sponsored | Malware, monitoring, theft | Economic and political advantage, disruption |

CONTRIBUTORS
Mark Fishleigh, Director, BAE Detica
Jérôme Gossé, Financial Lines Underwriter, Zurich Global Corporate France
Julia Graham, Chief Risk Officer, DLA Piper International LLP
Andrew Horrocks, Partner, Clyde & Co.
Angelia Herrin (Moderator), Editor for Special Projects and Research, Harvard Business Review
Financial repercussions from a cyber incident can be severe: stock valuation declines, costs to
upgrade infrastructure on an emergency basis, devaluation of intellectual property, overtime
pay, and loss of customers.
Organizations are only slowly responding to cyber security needs.
Harvard Business Review and the Zurich Insurance Group recently surveyed members of
FERMA (The Federation of European Risk Management Associations) about their cyber
security preparation. Three-quarters of respondents reported having increasing concern about
information security and privacy, and a majority said that board involvement is growing in
their firms.
Despite the importance of and worry about cyber security, the level of strategic focus and
readiness is lacking at many firms, as indicated by other survey findings:
•	 Only 16.3% have a chief information security officer (CISO); 40% say the CIO is in charge
of security.
•	 While the majority agreed that government and business must cooperate, 55% cited concerns
about restrictive data-protection rules, and 48.7% worried about breach notification
requirements.
•	 Less than half (44.1%) said their company’s budget for managing cyber risk had increased.
•	 36.3% said that training occurs either annually or biannually.
Most of the survey respondents were Europe-based, where the European Commission is
actively considering far more stringent compulsory notification regulations that would apply to
all 27 EU countries, as well as to companies doing business in those countries. Violations could
be penalized significantly, at no less than 2% of a firm’s annual global revenue, which would
greatly increase the price of a cyber security failure. These new laws may be in place within two
or three years, so companies everywhere need to prepare.
Enterprise risk management is a strategic issue that is everyone’s job.
Given both the incidence of attacks and the severity of penalties, firms need to promote enterprise
risk management (ERM). In increasing the focus on ERM to address cyber security risks,
activities should range from incorporating cyber security as part of a company’s board-level
corporate strategy to IT-oriented tactics that permeate the organization.
ERM should involve every department, stakeholder, and partner that owns information
assets: Human Resources (employee data, including salary, health, and performance), Finance
(accounts), Marketing (product information and plans), and Legal (contracts), as well as compliance
and audit teams. Even third-party channel partners need to participate, because it is
likely that companies hold trade secrets that must be protected.
“Many business leaders fail to focus on the strategic risks associated with cyber information.”
—Julia Graham
“The situation is going to change quite drastically if the draft regulation, which has been
published by the European Commission, comes into force.”
—Andrew Horrocks
Further, most organizations above a certain size require a governance committee or a steering
group that brings together all key stakeholders.
Even if the CIO is ultimately tasked with ERM leadership, everyone in the organization must
take responsibility to monitor and limit cyber risk. For example, an organization may go to
great lengths to encrypt its documents, but an employee could inadvertently copy a sensitive
document to an unencrypted memory stick.
Awareness and procedural training are essential, but it is important that messaging not be
overly technical. Real-world scenarios work particularly well to educate people, even the board,
about risks.
A four-step approach helps firms plan for cyber loss prevention and control:
1.	 Prepare. Understand cyber risks and plan their mitigation. An effective security strategy
must align with an organization’s specific information and risk profile: What information
does the enterprise control? Which types need to be kept confidential? How can this be
implemented without crippling inter-departmental and supply chain communications?
What is the organization’s risk tolerance?
2.	 Protect. Guard information and IT from attack, and reduce the potential impact of incidents.
This can involve everything from clean-desk policies and electronic office access to
walls around information that nevertheless permit secure sharing. For example, a marketing
department must remove personally identifiable customer data before sending information
to an analytics partner.
3.	 Monitor. Track system log data to flag suspicious behaviors and prevent incipient
incidents.
4.	 Respond. When an incident ultimately occurs, manage the consequences to minimize its
impact. This management involves rapid technical, legal, corporate communications, and
marketing responses, followed by investigation, remediation, assessment, and security
improvements.
Figure 1
Steps Following a Cyber Attack
“Use a language that people understand. Don’t use technospeak, because people’s eyes will
glaze over.”
—Julia Graham
“Work out which of the risks are above the risk tolerance that you as an organization are
prepared to live with. Those are the risks that you need to find a way to mitigate.”
—Mark Fishleigh
Cyber risk insurance fills traditional insurance’s gaps.
Companies are finding that their traditional insurance has coverage gaps. These gaps are
increasingly relevant as the cost, frequency, and publicity of cyber incidents escalate; as the
regulatory environment becomes more complex and rigorous; and as companies increasingly
rely on new technologies such as cloud computing, digital wallets, and mobile devices.
A commercial general liability (CGL) policy commonly protects businesses against liability
claims for bodily injury and property damage. A typical cyber policy, on the other hand, covers:
•	 First-party losses (i.e., of the insured), including legal liability and professional costs,
breach notification costs, revenue impairment, internal fraud, computer virus data corruption,
IT forensic auditing, cyber extortion, and crisis consulting and brand management.
For example, an attack on a retailer’s website could result in significant revenue losses,
which would not be covered by traditional insurance.
•	 Third-party claims (i.e., from customers), such as class-action suits, breach-of-confidentiality
actions, negligence liability, and contract liability.
Additional resources
•	 Download the Information Security Forum’s 2012 Standard of Good Practice for Information
Security at: www.bit.ly/QsZhog.
“Insurance is the last step in the cyber risk management process.”
—Jérôme Gossé
The information contained in this summary reflects BullsEye Resources, Inc.’s subjective condensed summarization of the applicable conference session. There may be
material errors, omissions, or inaccuracies in the reporting of the substance of the session. In no way does BullsEye Resources or Harvard Business Review assume any
responsibility for any information provided or any decisions made based upon the information provided in this document.
BIOGRAPHIES
Mark Fishleigh
Director, BAE Detica
Mark Fishleigh is a Director at Detica in its growing financial services practice. The
company develops, integrates, and manages information, intelligent solutions to help clients
deliver effective and secure services. Mark’s primary focus is in the insurance sector,
applying Detica’s deep capabilities in data consulting, advanced analytics, and cyber security.
Mark has worked in the IT-enabled industries for 17 years and worked with clients in the
financial services industry for most of this time. Prior to joining Detica, Mark spent 15 years
working at Accenture primarily on outsourcing and IT-enabled transformation programmes.
Most recently, he established and led Accenture’s offshore-centric IT services business in the UK.
Jérôme Gossé
Financial Lines Underwriter, Zurich
Global Corporate France
Jerome Gosse is the financial lines underwriter with Zurich Global Finance. He is a
professional indemnity underwriter within the financial lines department. He’s involved in the
team in charge of developing the Zurich Security and Privacy Insurance Solution in Europe.
Previously he was a client advisor within the Marsh Finpro Department and also the
communication, media, and technology practice leader in France.
Jerome received his bachelor’s degree in commercial and business law from the Université
d’Evry-Val d’Essonne and his master’s degree in digital law and information technology from
the Université Paris Sud (Paris XI). He is also a member of the Registered Insurance Brokers
of Ontario (RIBO).
Julia Graham
Chief Risk Officer, DLA Piper
International LLP
Julia Graham has worked in the world of risk management for over 30 years. She is the Chief
Risk Officer for DLA Piper, the largest legal services organization in the world.
Previously Julia was head of Global Group Risk Management at the insurance company RSA
where she had a background in general management and risk management, as the company’s
first Group Risk Manager.
Julia is a past Chairman of AIRMIC, the UK association of insurance and risk managers, and
Chairman of the Risk Panel of the Managing Partners’ Forum whose membership specifically
focuses on professional services organizations. She was Chairman of the British Standards
Institution (BSi) committee, which published the first British standard for Risk Management.
She is a frequent conference speaker, co-author of A Risk Management Approach to Business
Continuity, and regular author of articles on risk and insurance.
Andrew Horrocks
Partner, Clyde & Co.
Andrew Horrocks is a partner with Clyde & Company in the professional and commercial
disputes team, with wide insurance, cyber, and IT-related claims experience. His broad
experience includes a variety of IT-related claims, including software development and
licensing, IT procurement, consultancy, and outsourcing matters. He advises on claims,
insurance, and legal risk management related to technology, e-commerce, and cyber-risk and
handles contentious issues concerning IP, websites, and email use. He also handles company
and shareholder disputes in the financial, technology and other industry sectors.
Andrew is also well known for his professional liability work, not least for solicitors and
IT professionals and their insurers. He has considerable experience of mortgage fraud claims
and multiparty litigation. He has extensive expertise in mediation and experience in
arbitration and other alternative dispute resolution techniques.
Andrew writes and lectures widely on legal and dispute-handling topics. He publishes articles
in the legal and national press and contributes to the Sweet & Maxwell Encyclopedia of IT
Law. He also recently edited a book comparing commercial litigation principles in numerous
countries worldwide. He received his degree from the University of Oxford.
Angelia Herrin (Moderator)
Editor for Research and Special Projects,
Harvard Business Review
Angelia Herrin is Editor for Research and Special Projects at Harvard Business Review. At
Harvard Business Review, Herrin oversaw the re-launch of the management newsletter line and
established the conference and virtual seminar division for Harvard Business Review. More
recently, she created a new series to deliver customized programs and products to
organizations and associations.
Prior to coming to Harvard Business Review, Herrin was the vice president for content at
womenConnect.com, a website focused on women business owners and executives.
Herrin’s journalism experience spans twenty years, primarily with Knight-Ridder newspapers
and USA Today. At Knight-Ridder, she covered Congress, as well as the 1988 presidential
elections. At USA Today, she worked as Washington editor, heading the 1996 election
coverage. She won the John S. Knight Fellowship in Professional Journalism at Stanford
University in 1989–90.

More Related Content

What's hot

Managing ethical-dilemmas
Managing ethical-dilemmasManaging ethical-dilemmas
Managing ethical-dilemmaskerrigans
 
Corporate social responsibility ppt
Corporate social responsibility pptCorporate social responsibility ppt
Corporate social responsibility pptMohamed Meeran
 
Taj Mahal Palace Hotel Service Marketing
Taj Mahal Palace Hotel Service MarketingTaj Mahal Palace Hotel Service Marketing
Taj Mahal Palace Hotel Service MarketingPrachi Shastri
 
Individual Factors: Moral Philosophies and Value
Individual Factors: Moral Philosophies and ValueIndividual Factors: Moral Philosophies and Value
Individual Factors: Moral Philosophies and Valuedgoti3111
 
The Social Responsibility Of Business by Milton Friedman
The Social Responsibility Of Business by Milton FriedmanThe Social Responsibility Of Business by Milton Friedman
The Social Responsibility Of Business by Milton FriedmanHector Rodriguez
 
India - A Cashless Economy (NPCI/UPI)
India - A Cashless Economy (NPCI/UPI)India - A Cashless Economy (NPCI/UPI)
India - A Cashless Economy (NPCI/UPI)Aravind Krishnaswamy
 
Preventing Bank's Fraud and Forgery
Preventing Bank's Fraud and ForgeryPreventing Bank's Fraud and Forgery
Preventing Bank's Fraud and ForgeryAsad Hameed
 
Deloitte 2009 Ethics Workplace Survey
Deloitte 2009 Ethics Workplace SurveyDeloitte 2009 Ethics Workplace Survey
Deloitte 2009 Ethics Workplace SurveyElizabeth Lupfer
 
Ethical decision making
Ethical decision makingEthical decision making
Ethical decision makingmlbalmeo
 
ARC MGMT 374 Week 4 Presentation
ARC MGMT 374 Week 4 PresentationARC MGMT 374 Week 4 Presentation
ARC MGMT 374 Week 4 PresentationMichael Hill
 
Gun manufacturers and responsibility
Gun manufacturers and responsibilityGun manufacturers and responsibility
Gun manufacturers and responsibilityToqeer Naseer
 
Future of artificial intelligence in the banking sector
Future of artificial intelligence in the banking sectorFuture of artificial intelligence in the banking sector
Future of artificial intelligence in the banking sectorusmsystems
 

What's hot (20)

Managing ethical-dilemmas
Managing ethical-dilemmasManaging ethical-dilemmas
Managing ethical-dilemmas
 
Corporate social responsibility ppt
Corporate social responsibility pptCorporate social responsibility ppt
Corporate social responsibility ppt
 
Alipay
AlipayAlipay
Alipay
 
Taj Mahal Palace Hotel Service Marketing
Taj Mahal Palace Hotel Service MarketingTaj Mahal Palace Hotel Service Marketing
Taj Mahal Palace Hotel Service Marketing
 
Company profile
Company profileCompany profile
Company profile
 
Digital bank
Digital bankDigital bank
Digital bank
 
Individual Factors: Moral Philosophies and Value
Individual Factors: Moral Philosophies and ValueIndividual Factors: Moral Philosophies and Value
Individual Factors: Moral Philosophies and Value
 
The Social Responsibility Of Business by Milton Friedman
The Social Responsibility Of Business by Milton FriedmanThe Social Responsibility Of Business by Milton Friedman
The Social Responsibility Of Business by Milton Friedman
 
India - A Cashless Economy (NPCI/UPI)
India - A Cashless Economy (NPCI/UPI)India - A Cashless Economy (NPCI/UPI)
India - A Cashless Economy (NPCI/UPI)
 
Preventing Bank's Fraud and Forgery
Preventing Bank's Fraud and ForgeryPreventing Bank's Fraud and Forgery
Preventing Bank's Fraud and Forgery
 
Deloitte 2009 Ethics Workplace Survey
Deloitte 2009 Ethics Workplace SurveyDeloitte 2009 Ethics Workplace Survey
Deloitte 2009 Ethics Workplace Survey
 
Ethics Briefing
Ethics BriefingEthics Briefing
Ethics Briefing
 
Fraud Prevention
Fraud PreventionFraud Prevention
Fraud Prevention
 
Unethical Practices
Unethical PracticesUnethical Practices
Unethical Practices
 
Ethical decision making
Ethical decision makingEthical decision making
Ethical decision making
 
Samsung tqm
Samsung tqmSamsung tqm
Samsung tqm
 
ARC MGMT 374 Week 4 Presentation
ARC MGMT 374 Week 4 PresentationARC MGMT 374 Week 4 Presentation
ARC MGMT 374 Week 4 Presentation
 
Gun manufacturers and responsibility
Gun manufacturers and responsibilityGun manufacturers and responsibility
Gun manufacturers and responsibility
 
Future of artificial intelligence in the banking sector
Future of artificial intelligence in the banking sectorFuture of artificial intelligence in the banking sector
Future of artificial intelligence in the banking sector
 
Corporate Ethics
Corporate EthicsCorporate Ethics
Corporate Ethics
 

Viewers also liked

CPSU Presentation
CPSU PresentationCPSU Presentation
CPSU PresentationTodd Rowe
 
The Internet of Things: P&C Carriers & the Power of Digital
The Internet of Things: P&C Carriers & the Power of DigitalThe Internet of Things: P&C Carriers & the Power of Digital
The Internet of Things: P&C Carriers & the Power of DigitalCognizant
 
Halvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT securityIoT613
 
Designing for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemDesigning for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemMaurizio Caporali
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaDinesh O Bareja
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
IoT and Insurance - Insurance breakfast
IoT and Insurance - Insurance breakfastIoT and Insurance - Insurance breakfast
IoT and Insurance - Insurance breakfastComarch
 
One hour cyber july 2013
One hour cyber july 2013One hour cyber july 2013
One hour cyber july 2013Dan Michaluk
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
CPA firm Cyber Insurance Specifics
CPA firm Cyber Insurance SpecificsCPA firm Cyber Insurance Specifics
CPA firm Cyber Insurance SpecificsJoseph Brunsman
 
The Insurance of Things - How IoT Will Disrupt The Insurance Industry
The Insurance of Things - How IoT Will Disrupt The Insurance IndustryThe Insurance of Things - How IoT Will Disrupt The Insurance Industry
The Insurance of Things - How IoT Will Disrupt The Insurance IndustryAtooma Inc
 
Cyber Liability - Insurance Risk Management and Preparation
Cyber Liability - Insurance Risk Management and PreparationCyber Liability - Insurance Risk Management and Preparation
Cyber Liability - Insurance Risk Management and PreparationEric Reehl
 
Optimizing the Internet of Things: Key Strategies for Commercial Insurers
Optimizing the Internet of Things: Key Strategies for Commercial InsurersOptimizing the Internet of Things: Key Strategies for Commercial Insurers
Optimizing the Internet of Things: Key Strategies for Commercial InsurersCognizant
 
IoT: Disruption and Opportunity in the Insurance Industry
IoT: Disruption and Opportunity in the Insurance IndustryIoT: Disruption and Opportunity in the Insurance Industry
IoT: Disruption and Opportunity in the Insurance IndustryNTT DATA Consulting, Inc.
 
Fifty Features of Java EE 7 in 50 Minutes
Fifty Features of Java EE 7 in 50 MinutesFifty Features of Java EE 7 in 50 Minutes
Fifty Features of Java EE 7 in 50 Minutesglassfish
 

Viewers also liked (17)

CPSU Presentation
CPSU PresentationCPSU Presentation
CPSU Presentation
 
ACAM webinar presentation final v4
ACAM webinar presentation final v4ACAM webinar presentation final v4
ACAM webinar presentation final v4
 
The Internet of Things: P&C Carriers & the Power of Digital
The Internet of Things: P&C Carriers & the Power of DigitalThe Internet of Things: P&C Carriers & the Power of Digital
The Internet of Things: P&C Carriers & the Power of Digital
 
Halvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber Webinar
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT security
 
Designing for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemDesigning for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical System
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
 
IoT and Insurance - Insurance breakfast
IoT and Insurance - Insurance breakfastIoT and Insurance - Insurance breakfast
IoT and Insurance - Insurance breakfast
 
One hour cyber july 2013
One hour cyber july 2013One hour cyber july 2013
One hour cyber july 2013
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
 
CPA firm Cyber Insurance Specifics
CPA firm Cyber Insurance SpecificsCPA firm Cyber Insurance Specifics
CPA firm Cyber Insurance Specifics
 
The Insurance of Things - How IoT Will Disrupt The Insurance Industry
The Insurance of Things - How IoT Will Disrupt The Insurance IndustryThe Insurance of Things - How IoT Will Disrupt The Insurance Industry
The Insurance of Things - How IoT Will Disrupt The Insurance Industry
 
Cyber Liability - Insurance Risk Management and Preparation
Cyber Liability - Insurance Risk Management and PreparationCyber Liability - Insurance Risk Management and Preparation
Cyber Liability - Insurance Risk Management and Preparation
 
Optimizing the Internet of Things: Key Strategies for Commercial Insurers
Optimizing the Internet of Things: Key Strategies for Commercial InsurersOptimizing the Internet of Things: Key Strategies for Commercial Insurers
Optimizing the Internet of Things: Key Strategies for Commercial Insurers
 
IoT: Disruption and Opportunity in the Insurance Industry
IoT: Disruption and Opportunity in the Insurance IndustryIoT: Disruption and Opportunity in the Insurance Industry
IoT: Disruption and Opportunity in the Insurance Industry
 
Fifty Features of Java EE 7 in 50 Minutes
Fifty Features of Java EE 7 in 50 MinutesFifty Features of Java EE 7 in 50 Minutes
Fifty Features of Java EE 7 in 50 Minutes
 

Similar to Executive Summary on the Cyber Risk Webinar

To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite  defining and understanding risk in the moder...White paper cyber risk appetite  defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen Hamilton
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportHBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportFERMA
 
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...TraintechTde
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
Gp2 Public Policy Assign8 644 Sp10
Gp2 Public Policy Assign8 644 Sp10Gp2 Public Policy Assign8 644 Sp10
Gp2 Public Policy Assign8 644 Sp10Deepa Devadas
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Executive Summary on the Cyber Risk Webinar

  • 1. Meeting the Cyber Risk Challenge
November 27, 2012
Featuring Mark Fishleigh, Jérôme Gossé, Julia Graham, and Andrew Horrocks
Sponsored by
© 2012 Harvard Business School Publishing. Created for Harvard Business Review by BullsEye Resources www.bullseyeresources.com
  • 2. OVERVIEW
Even as cyber attacks increase in frequency, scope, and sophistication—and regulators impose harsher penalties for lack of regulatory compliance and loss of sensitive data—many companies are still not devoting sufficient strategic focus to these threats.

In an era where digital information and technologies are part of everyone’s life, organizations must improve their institutional preparedness to protect against, monitor, and respond to cyber threats and losses, which are inadequately covered by traditional liability insurance. Every firm needs leadership, planning, and training that extends beyond IT to encompass every stakeholder who owns information assets.

CONTEXT
Four information security experts discussed the growth in cyber attacks, how organizations can better prepare, and the role of insurance.

Key learnings
In our digitally interconnected world, cyber security is a rising concern.

From stolen Sony PlayStation accounts to compromised credit cards and health records, data breaches are becoming all too frequent. Changing threat levels, increased supply chain integration, and greater stakeholder demands are some of the challenges that businesses face today.

The Information Security Forum defines cyber security as:
The organization’s ability to secure its people, information, systems, and reputation in cyber space.

Beyond embarrassment, companies face financial damage, competitive inroads, and significant regulatory sanctions when confidential information is inadequately protected.

Cyber threats arise from a variety of sources, many of which are extremely sophisticated:

Attacker | Threat | Intent
Hackers | Targeted websites, denial-of-service (DOS), commercial malware | Thrills, bragging rights, vandalism
Activists | DOS, targeted attacks | Reputational damage, vandalism, publicity
Organized crime | Information theft, insider-assisted data loss | Financial gain, fraud
Industrial spies | Theft of strategic or product information | Commercial advantage
State-sponsored | Malware, monitoring, theft | Economic and political advantage, disruption

contributors
Mark Fishleigh, Director, BAE Detica
Jérôme Gossé, Financial Lines Underwriter, Zurich Global Corporate France
Julia Graham, Chief Risk Officer, DLA Piper International LLP
Andrew Horrocks, Partner, Clyde & Co.
Angelia Herrin (Moderator), Editor for Special Projects and Research, Harvard Business Review
  • 3. Financial repercussions from a cyber incident can be severe: stock valuation declines, costs to upgrade infrastructure on an emergency basis, devaluation of intellectual property, overtime pay, and loss of customers.

Organizations are only slowly responding to cyber security needs.

Harvard Business Review and the Zurich Insurance Group recently surveyed members of FERMA (The Federation of European Risk Management Associations) about their cyber security preparation. Three-quarters of respondents reported having increasing concern about information security and privacy, and a majority said that board involvement is growing in their firms.

Despite the importance of and worry about cyber security, the level of strategic focus and readiness is lacking at many firms, as indicated by other survey findings:
• Only 16.3% have a chief information security officer (CIO); 40% say the CIO is in charge of security.
• While the majority agreed that government and business must cooperate, 55% cited concerns about restrictive data-protection rules, and 48.7% worried about breach notification requirements.
• Less than half (44.1%) said their company’s budget for managing cyber risk had increased.
• 36.3% said that training occurs either annually or biannually.

Most of the survey respondents were Europe-based, where the European Commission is actively considering far more stringent compulsory notification regulations that would apply to all 27 EU countries, as well as to companies doing business in those countries. Violations could be penalized significantly, at no less than 2% of a firm’s annual global revenue, which would greatly increase the price of a cyber security failure. These new laws may be in place within two or three years, so companies everywhere need to prepare.

Enterprise risk management is a strategic issue that is everyone’s job.

Given both the incidence of attacks and the severity of penalties, firms need to promote enterprise risk management (ERM). In increasing the focus on ERM to address cyber security risks, activities should range from incorporating cyber security as part of a company’s board-level corporate strategy to IT-oriented tactics that permeate the organization.

ERM should involve every department, stakeholder, and partner that owns information assets: Human Resources (employee data, including salary, health, and performance), Finance (accounts), Marketing (product information and plans), and Legal (contracts), as well as compliance and audit teams. Even third-party channel partners need to participate, because it is likely that companies hold trade secrets that must be protected.

“Many business leaders fail to focus on the strategic risks associated with cyber information.” —Julia Graham

“The situation is going to change quite drastically if the draft regulation, which has been published by the European Commission, comes into force.” —Andrew Horrocks
  • 4. Further, most organizations above a certain size require a governance committee or a steering group that brings together all key stakeholders. Even if the CIO is ultimately tasked with ERM leadership, everyone in the organization must take responsibility to monitor and limit cyber risk. For example, an organization may go to great lengths to encrypt its documents, but an employee could inadvertently copy a sensitive document to an unencrypted memory stick.

Awareness and procedural training are essential, but it is important that messaging not be overly technical. Real-world scenarios work particularly well to educate people, even the board, about risks.

A four-step approach helps firms plan for cyber loss prevention and control:
1. Prepare. Understand cyber risks and plan their mitigation. An effective security strategy must align with an organization’s specific information and risk profile: What information does the enterprise control? Which types need to be kept confidential? How can this be implemented without crippling inter-departmental and supply chain communications? What is the organization’s risk tolerance?
2. Protect. Guard information and IT from attack, and reduce the potential impact of incidents. This can involve everything from clean-desk policies and electronic office access to walls around information that nevertheless permit secure sharing. For example, a marketing department must remove personally identifiable customer data before sending information to an analytics partner.
3. Monitor. Track system log data to flag suspicious behaviors and prevent incipient incidents.
4. Respond. When an incident ultimately occurs, manage the consequences to minimize its impact. This management involves rapid technical, legal, corporate communications, and marketing responses, followed by investigation, remediation, assessment, and security improvements.

Figure 1: Steps Following a Cyber Attack

“Use a language that people understand. Don’t use techno-speak, because people’s eyes will glaze over.” —Julia Graham

“Work out which of the risks are above the risk tolerance that you as an organization are prepared to live with. Those are the risks that you need to find a way to mitigate.” —Mark Fishleigh
  • 5. Cyber risk insurance fills traditional insurance’s gaps.

Companies are finding that their traditional insurance has coverage gaps. These gaps are increasingly relevant as the cost, frequency, and publicity of cyber incidents escalate; as the regulatory environment becomes more complex and rigorous; and as companies increasingly rely on new technologies such as cloud computing, digital wallets, and mobile devices.

A commercial general liability (CGL) policy commonly protects businesses against liability claims for bodily injury and property damage. A typical cyber policy, on the other hand, covers:

• First-party losses (i.e., of the insured), including legal liability and professional costs, breach notification costs, revenue impairment, internal fraud, computer virus data corruption, IT forensic auditing, cyber extortion, and crisis consulting and brand management. For example, an attack on a retailer’s website could result in significant revenue losses, which would not be covered by traditional insurance.
• Third-party claims (i.e., from customers), such as class-action suits, breach-of-confidentiality actions, negligence liability, and contract liability.

Additional resources

• Download the Information Security Forum’s 2012 Standard of Good Practice for Information Security at: www.bit.ly/QsZhog.

“Insurance is the last step in the cyber risk management process.” —Jérôme Gossé
  • 6. The information contained in this summary reflects BullsEye Resources, Inc.’s subjective condensed summarization of the applicable conference session. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the session. In no way does BullsEye Resources or Harvard Business Review assume any responsibility for any information provided or any decisions made based upon the information provided in this document.

BIOGRAPHIES

Mark Fishleigh
Director, BAE Detica

Mark Fishleigh is a Director at Detica in its growing financial services practice. The company develops, integrates, and manages information, intelligent solutions to help clients deliver effective and secure services. Mark’s primary focus is in the insurance sector, applying Detica’s deep capabilities in data consulting, advanced analytics, and cyber security.

Mark has worked in the IT-enabled industries for 17 years and worked with clients in the financial services industry for most of this time. Prior to joining Detica, Mark spent 15 years working at Accenture, primarily on outsourcing and IT-enabled transformation programmes. Most recently, he established and led Accenture’s offshore-centric IT services business in the UK.

Jérôme Gossé
Financial Lines Underwriter, Zurich Global Corporate France

Jérôme Gossé is the financial lines underwriter with Zurich Global Finance. He is a professional indemnity underwriter within the financial lines department. He is involved in the team in charge of developing the Zurich Security and Privacy Insurance Solution in Europe. Previously he was a client advisor within the Marsh Finpro Department and also the communication, media, and technology practice leader in France.

Jérôme received his bachelor’s degree in commercial and business law from the Université d’Evry-Val d’Essonne and his master’s degree in digital law and information technology from the Université Paris Sud (Paris XI). He is also a member of the Registered Insurance Brokers of Ontario (RIBO).

Julia Graham
Chief Risk Officer, DLA Piper International LLP

Julia Graham has worked in the world of risk management for over 30 years. She is the Chief Risk Officer for DLA Piper, the largest legal services organization in the world.

Previously Julia was head of Global Group Risk Management at the insurance company RSA, where she had a background in general management and risk management, as the company’s first Group Risk Manager.

Julia is a past Chairman of AIRMIC, the UK association of insurance and risk managers, and Chairman of the Risk Panel of the Managing Partners’ Forum, whose membership specifically focuses on professional services organizations. She was Chairman of the British Standards Institution (BSi) committee, which published the first British standard for Risk Management. She is a frequent conference speaker, co-author of A Risk Management Approach to Business Continuity, and regular author of articles on risk and insurance.
  • 7. Andrew Horrocks
Partner, Clyde & Co.

Andrew Horrocks is a partner with Clyde & Company in the professional and commercial disputes team, with wide insurance, cyber, and IT-related claims experience. His broad experience includes a variety of IT-related claims, including software development and licensing, IT procurement, consultancy, and outsourcing matters. He advises on claims, insurance, and legal risk management related to technology, e-commerce, and cyber-risk and handles contentious issues concerning IP, websites, and email use. He also handles company and shareholder disputes in the financial, technology, and other industry sectors.

Andrew is also well known for his professional liability work, not least for solicitors and IT professionals and their insurers. He has considerable experience of mortgage fraud claims and multiparty litigation. He has extensive expertise in mediation and experience in arbitration and other alternative dispute resolution techniques.

Andrew writes and lectures widely on legal and dispute-handling topics. He publishes articles in the legal and national press and contributes to the Sweet & Maxwell Encyclopedia of IT Law. He also recently edited a book comparing commercial litigation principles in numerous countries worldwide. He received his degree from the University of Oxford.

Angelia Herrin (Moderator)
Editor for Research and Special Projects, Harvard Business Review

Angelia Herrin is Editor for Research and Special Projects at Harvard Business Review. At Harvard Business Review, Herrin oversaw the re-launch of the management newsletter line and established the conference and virtual seminar division for Harvard Business Review. More recently, she created a new series to deliver customized programs and products to organizations and associations.

Prior to coming to Harvard Business Review, Herrin was the vice president for content at womenConnect.com, a website focused on women business owners and executives.

Herrin’s journalism experience spans twenty years, primarily with Knight-Ridder newspapers and USA Today. At Knight-Ridder, she covered Congress, as well as the 1988 presidential elections. At USA Today, she worked as Washington editor, heading the 1996 election coverage. She won the John S. Knight Fellowship in Professional Journalism at Stanford University in 1989–90.