In 2012, as the importance of cybersecurity grew more apparent for business leaders around the globe, the World Economic Forum (WEF) launched a new initiative called the Partnership for Cyber Resilience. Since then, every yearly edition of the WEF’s Global Risks Report has featured cyber risks front and center.

As a PricewaterhouseCoopers (PwC) presentation titled “Threat Smart: Building a Cyber Resilient Financial Institution” put it: “Cyber risk is a business issue, not just a technology issue. Market leaders are finding that cyber risk management needs to be owned by the C-suite rather than by IT.”

In 2015, the WEF released a special report titled “Partnering for Cyber Resilience Towards the Quantification of Cyber Threats.” As Jacques Buith, the managing partner at Deloitte Risk Services, pointed out, “We need to be able to quantify cyber risks if proper cyber resilience assurance is to be achieved. Only then will management boards be able to take sound risk/reward decisions in this volatile world and thus secure their organizations’ cyber resilience.” The report uses a cyber value-at-risk approach that aims to determine the value of x, or the amount of money over a period that businesses would lose in a successful cyberattack. The report also covers the different types of models from which to derive quantified risks: the Monte Carlo Method, Behavioral Modeling, Parametric Modeling and the Delphi Method, to name a few. Deloitte offered a more in-depth look at the relationship between risk and compliance, including measuring the status of risk governance.

C-Suites Must Have Knowledge of Cyber Risks

The WEF is not alone in pointing out the need for CISOs, CIOs, business executives and boards of directors to have more frequent, productive conversations around cyber risks and to properly oversee the effectiveness of controls deployed to mitigate them. Here is a sampling from the past year showing the level of interest (or, depending on your perspective, the demands from executives or directors) in the management of cyber risks:

- A first-quarter 2015 New York Stock Exchange (NYSE) special report entitled “Managing Cyber Risk: Are Companies Safeguarding Their Assets?” pointed out that 42 percent of boards surveyed “admitted their board only occasionally discusses cyber/IT security.” Also, only 21 percent of the directors reported their company had “IT risk well under control with regard to a possible cyber breach.”
- In 2015, NYSE Governance Services surveyed about 200 directors of public companies. The “Cybersecurity in the Boardroom” report highlighted a definite trend in the level of interest in the discussion of cyber risks in the boardroom: About 35 percent said that cybersecurity matters were discussed at every meeting, while another 46 percent indicated they were discussed at most meetings. Even more interesting is the perspective from the board that, in the event of a major breach, the order in which directors would hold leaders accountable for the breach started with the CEO, who was then followed by the CIO, the entire executive team and, in fourth place, the CISO.
- An article titled “Do boards have a role in cyber-risk?” asked whether boards need a cyber risk expert within their ranks. However, for directors, the author noted that the “one thing you can’t do is escape responsibility.”
- In 2015, PwC’s “18th Annual Global CEO Survey” showed that 61 percent of CEOs are concerned about “cyber threats, including lack of data security.” Cybersecurity was listed third in level of strategic importance (78 percent), just behind mobile technologies for customer engagement (81 percent) and data mining and analysis (80 percent).