Have You Identified All of Your Cyber Risk Stakeholders?
There is a growing awareness that cyber risk needs to be addressed comprehensively across organizations, yet less than one-third of companies believe their key stakeholders have been identified and understand their roles. That’s the takeaway from a poll of risk professionals during a recent Marsh The New Reality of Risk® webcast on cybersecurity.
We asked our listeners if they were “confident that the organization has identified all of the key stakeholders to our cyber risk management strategy and that they understand their roles.” More than 250 risk professionals responded:
- 31% said yes.
- 33% said no.
- 36% said they weren’t sure.
The results are another red flag, signaling that many companies have yet to develop a comprehensive cyber risk management strategy. If you’re not sure that all of the key stakeholders have been identified — risk manager, CEO, CFO, human resources (HR), information technology, operations, the board, and beyond — then your organization could be in for an unwanted and costly surprise.
So what does it mean to be a stakeholder in your firm’s comprehensive cyber risk management strategy?
- If you’re in operations it may mean developing — and testing — a plan to maintain daily operations, business processes, and workplace stability during a cyber event.
- If you’re an HR professional, it may mean ensuring that appropriate training is rolled out across the organization.
- And if you’re a risk manager, it means ensuring connectivity between various stakeholders in assessing, managing, and responding to cyber threats — along with keeping abreast of risk transfer developments.
Those are just a few examples. The point is that organizations need to take on cyber risk with a united front. No one benefits when data is compromised or systems are shut down.
Embracing your role as a cyber risk stakeholder can make a difference. If well-trained employees flag a suspicious email that was an attempt to infiltrate the company, everyone benefits. If a facility manager knows how to respond to an attack that could interfere with critical systems, everyone benefits. If a board member asks to see how the firm came to its decision on cyber insurance limits, everyone benefits. And the list goes on.
To hear more about cyber risk management, listen to a replay of our New Reality of Risk webcast.