[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions
So onto the news:
Banks And Insurance Companies Aware Of Cyber Risks: Opportunities Remain To Become More Resilient
Nearly two-thirds (63%) of more than 900 C-suite executives around the world who participated in a recent Accenture Strategy study, “Business Resilience in the Face of Cyber Risk,” reported that their companies experience significant cyber attacks daily or weekly. Banking executives responded in kind with the same frequency, and 59% of insurance executives responded likewise.
The findings are consistent with the “2015 Accenture Global Risk Management Study” which found that nearly two-thirds of banking executives (65%) and 74% of insurance executives expect cyber IT risks to increase. Given that, these executives expect to hire more people who are experts in managing cyber risks. For these executives, the question is not “if” but “when” an event will occur.
Although the chief information officer (CIO) is most frequently cited as being responsible for resilience management at insurance companies and banks (61% and 41%, respectively), successful enterprises recognize that responsibility for resilience and agility should not just fall to the CIO, chief risk officer or chief information security officer. On average, companies tend to have two executives in their C-suite who are responsible for continuously monitoring and improving their business resilience.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8fc28dc793&e=20056c7556
Using the COSO Framework to Mitigate Cyber Risks
Cyber risks cannot be avoided, but such risks can be managed better through careful design and implementation of appropriate controls. Using the internal control framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) as a guide, organizations can build preventive and detective controls aimed at mitigating cyberthreats to an acceptable level.
The 2013 COSO Framework comprises five internal control components and 17 related principles. The Framework recommends that organizations perform a risk assessment to define their objectives, evaluate cyber risks that can hinder objectives and develop a priority list of critical information systems to protect against identified risks before they begin designing and implementing control activities.
Control structures should be deployed in a layered approach that helps prevent infiltrators from accessing subsequent information systems after the initial layers of defense are compromised. “One of the most important questions an organization should consider when designing control activities is whether its cyber environment is protected by different layers of security,” said Mary Galligan, a Deloitte Advisory director at Deloitte & Touche LLP in Cyber Risk Services, and former FBI special agent in charge of Cyber and Special Operations for the New York office. “Multiple layers of effective defense means there is no one single point of failure, which is a critical element of cybersecurity and access management around data,” added Ms. Galligan.
Under the 2013 Framework, the monitoring component comprises activities performed by management to evaluate effectiveness of internal controls and communicate, manage and remediate identified deficiencies. “However, the complexities of cyber risk can be daunting, and the board and management may need technical IT concepts translated into how cyber risks affect an organization’s objectives and business priorities to accomplish their oversight and risk management responsibilities,” observed Ms. Herrygers. Further, boards and management should be made aware of what value information systems provide with respect to meeting the organization’s objectives. This information can help leadership define risk tolerance levels and direct adequate investment to protection systems critical to meeting an organization’s objectives.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f78dd06bb9&e=20056c7556