CIOReview
June 2016

· Ensure enterprise-wide governance is in place.
· Assume hackers are already inside.
· Invest in making your whole workforce cyber-smart.
· Consider technology one of several lines of defense.
· Insure for cyber threats that you can't mitigate.
· Allocate enough capital to the right cyber defenses - protect your crown jewels.

Enterprise-Wide Governance: A cyber strategy should be led from the 'C-Suite'. It needs to be managed on a whole-enterprise basis, with collaboration across corporate functions. The senior executive who orchestrates a cyber strategy should combine commercial nous and the relevant understanding of IT, HR, legal and reputational issues.

Assume Hackers, Already Inside: We need to assume not only that hackers are trying to get in, but that they are already inside our companies' data. Tackling the enemy within requires different measures from trying to keep them out. Organizations should initiate regular stress-testing of data to improve detection, and invest in measures to make it less financially rewarding and more time-consuming for hackers to attack in the first place.

Invest in Making the Workforce Cyber-Smart: Investing in enterprise-wide cyber-security training is expensive, but a vigilant workforce is a vital protection. It means offering a combination of rewards and disincentives that encourages a culture supportive of cyber security. Not all training will deliver 100 percent perfection, but it can improve prevention.

See Technology as One of Several Lines of Defense: IT solutions are often the first port of call for organizations looking at cyber defense. It's important to understand that technological defenses are critical, but not a sufficient response on their own.

Insure for Cyber Threats We Cannot Mitigate: While insurance is an old and experienced industry, the cyber risk market is young, and because these risks are hard to quantify, insurance companies' willingness to put capital at risk is currently constrained. No doubt the market will broaden and deepen over time, but we have to become better at understanding and quantifying cyber risk and its financial and non-financial impact.

Allocate Enough Capital to the Right Cyber Defenses: Companies need to understand, quantify and provide for their greatest cyber exposures. This starts with identifying critical assets to create a critical digital asset register. These are assets which impact on financial stability, customer relationships, and regulatory compliance and trust. They might include infrastructure, data, applications, or services supplied by third parties.

We are in the middle of a technological revolution in the way we live and do business. It's a very young revolution, with amazing opportunities and substantial risks. Some argue that the solution lies in technology, and others in institutions, human behavior and insurance. We think it's all of those things coming together. By bringing together institutional responses and technological solutions, by influencing human behavior, and developing the insurance market, we can distribute cyber risk and enjoy the promise of a connected future.

Dominic Casserley