Cyber is just another RISK, but it needs better management - IRM Report
IRM calls for more integration of Cyber Risk Management into Business Planning
The Institute of Risk Management have published guidance on Cyber Risk Management to provide more information and discuses the implications and action needed across the profession. It is complemented by a resource manual that goes into more detail and offers various tools for practitioners.
The IRM share our view that when stripped of ‘techie speak’, cyber risk is really just another risk and that while the technical dimensions of Information Security and Cyber Risk must be acted on, it’s vital that the connection with wider business risk management must be developed and skills employed by risk professionals used by many more organisations.
The Executive Summary of the report highlights the important role of Insurance in helping provide the business provide the additional resources needed to manage the consequences, but also stresses that a more coherent approach is needed to minimise exposure and limit the impact as part of a wider assessment programme. This approach recognises the the effects of a cyber event can extend out quickly and add to the losses or disruption felt, adding costs that can easily exceed the Insurable Loss and helping ensure a more comprehensive approach to the Cyber Risk and Information Security that protects far more of the business’s interests.
With the right approach organisations can meet the risks and with simple control process eliminate up to 80% of the causes of breaches.
To download the Executive Summary please click below. To buy the Resources for Practitioners Guide please click here
You might also like ...
Research and Intelligence Report- IBM MSS Threat Research Group
IBM has published an intelligence report detailing their experience and insight following the reporting of a long standing vulnerability in the GNU Bash shell (widely used on Linux, Solaris and Mac OS systems).
This sparked the mobilization of attacks known as “shellshock” beginning in late September 2014. This is the IBM Analysis of the Shellshock Bug and how it was used.