Cyber is just another RISK, but it needs better management - IRM Report
IRM calls for more integration of Cyber Risk Management into Business Planning
The Institute of Risk Management have published guidance on Cyber Risk Management that provides more information and discusses the implications and action needed across the profession. It is complemented by a resource manual that goes into more detail and offers various tools for practitioners.
The IRM share our view that when stripped of ‘techie speak’, cyber risk is really just another risk. While the technical dimensions of Information Security and Cyber Risk must be acted on, it’s vital that the connection with wider business risk management is developed and that the skills employed by risk professionals are used by many more organisations.
The Executive Summary of the report highlights the important role of Insurance in helping provide the business with the additional resources needed to manage the consequences, but also stresses that a more coherent approach is needed to minimise exposure and limit the impact as part of a wider assessment programme. This approach recognises that the effects of a cyber event can extend out quickly and add to the losses or disruption felt, adding costs that can easily exceed the Insurable Loss, and it helps ensure a more comprehensive approach to Cyber Risk and Information Security that protects far more of the business’s interests.
With the right approach, organisations can meet the risks and, with simple control processes, eliminate up to 80% of the causes of breaches.
To download the Executive Summary please click below. To buy the Resources for Practitioners Guide please click here