Cyber is just another RISK, but it needs better management - IRM Report
IRM calls for more integration of Cyber Risk Management into Business Planning
The Institute of Risk Management have published guidance on Cyber Risk Management to provide more information and discuss the implications and action needed across the profession. It is complemented by a resource manual that goes into more detail and offers various tools for practitioners.
The IRM share our view that, when stripped of ‘techie speak’, cyber risk is really just another risk. While the technical dimensions of Information Security and Cyber Risk must be acted on, it’s vital that the connection with wider business risk management is developed and that the skills employed by risk professionals are used by many more organisations.
The Executive Summary of the report highlights the important role of Insurance in helping provide the business with the additional resources needed to manage the consequences, but also stresses that a more coherent approach is needed to minimise exposure and limit the impact as part of a wider assessment programme. This approach recognises that the effects of a cyber event can extend out quickly and add to the losses or disruption felt, adding costs that can easily exceed the Insurable Loss, and helps ensure a more comprehensive approach to Cyber Risk and Information Security that protects far more of the business’s interests.
With the right approach, organisations can meet the risks and, with simple control processes, eliminate up to 80% of the causes of breaches.
You might also like ...
In November 2012 the National Protection and Programs Directorate of the US Department of Homeland Security released the findings from its Cybersecurity Insurance workshop.
The workshop was delivered in November and engaged with a diverse group of stakeholders to discuss how organisations may better develop an effective connection between the cyber security activities they undertake and the broader topic of insurance. Over 60 participants attended to discuss the issues and opportunities.