Putting Cyber Risk on the Boardroom Agenda
While most Australian organisations have become familiar with the warnings to heighten their cyber security, last week’s revelation by the Australian Signals Directorate that cyber attacks on our businesses and government rose 20 per cent in 2014 confirms the rapid speed at which the threat is growing.
This statistic from the Department of Defence’s intelligence agency is a swift and timely follow-up for many Marsh clients who attended a recent breakfast seminar on cyber risks in Sydney hosted by Marsh & McLennan Companies (MMC). The event on Thursday 16 April saw some 100 representatives from the Australian business community hear from the ASIC Commissioner, Cathie Armour, as she spoke about the regulator’s recent efforts to encourage greater awareness of the risk within Australian companies, particularly at the board and director level. The Commissioner stressed the importance of greater engagement and collaboration with both industry and government in developing appropriate measures.
The briefing also introduced Verizon’s 2015 Breach Investigations Report, in one of the first public presentations following the release of the report two days earlier.
The event coincided with a visit to Australia from MMC’s President and CEO, Dan Glaser, who provided a global perspective and shared with the group his personal sentiment that ownership of cyber risk starts at the top, with the CEO role basically doubling as a shadow role as Chief Information Officer.
In a robust panel discussion, subject matter experts from each of the MMC companies provided their perspectives on how organisations could better approach the risk.
Susan Elias and Costa Zakis offer some of the pertinent points that emerged from the panel discussion:
Understanding the threat to your organisation
The journey to becoming cyber resilient begins with understanding the extent and scope of a firm’s cyber risk exposures, which would typically include:
- Cyber risk identification
- Cyber risk assessment
- Cyber risk quantification
The team at Marsh Risk Consulting can assist in this endeavour, with specialists available to:
- Develop or update risk registers of cyber and privacy risks
- Undertake both cyber resilience reviews and privacy resilience reviews
- Develop, implement and test a cyber incident response plan
Transferring the cyber risk
Importantly, Marsh is also able to help facilitate risk mitigation insurance solutions through the following activities:
- Undertaking an insurance gap analysis, mapping cyber security and privacy exposures against current insurance arrangements
- Formulating a cyber risk profile and determining key coverage requirements
- Negotiating tailored cyber insurance quotes aligned with key coverage requirements
- Recommending an appropriate, bespoke cyber insurance solution
As every firm’s cyber risk profile will be unique, and must be overlaid against the varying policy forms available in the market, it is important that the appropriate cyber insurance solution be tailored as noted above.
Responding to a cyber attack
For many organisations, the culmination of the cyber journey may be a cyber attack, no matter their risk mitigation defences.
At this point, analysts from the Forensic Accounting and Claims Services team have specialised skills to assist with the crisis management response, as well as the forensic analysis to determine where the breach occurred and ways to remedy it.