How to effectively manage cyber risk.

On Monday the 29th, FIDE held a breakfast event with the participation of Jeffrey Batt, Vice President in Marsh’s Cyber Practice and the Academic Director of the Global Master in Cybersecurity of ISDE. Afterwards, a debate took place, moderated by Raúl Rubio, Partner of the IP/ITC department at Baker McKenzie.

 
Batt’s initial presentation focused on the following topics:
 
  • Defining cybersecurity as a holistic organizational function and necessity. It is a frame of mind that should guide all organizational activities, including legal, compliance, privacy, HR, marketing, finance, IT and information security. Similarly, senior leadership and boards need to have a broad understanding of the organizational assets (especially data and human capital) impacted by cyber risk, along with what stakeholders are doing in connection with that risk.
  • Cybersecurity consisting of highly interconnected topical areas, such as technology, policy/processes, and people. For example, restricting network access to only certain users is a solution that impacts all three categories: a corporate policy mandates the network access restriction, the restriction is executed by an information security team, and one of the policy’s core objectives is to limit human error. Due to this interconnectedness, it’s imperative that organizations think about cybersecurity solutions as linked enterprise risk management tools and not in terms of silos.
  • The importance of risk transfer and threat intelligence as core components of an organization’s cybersecurity practices.
  • Current and future threats and vulnerabilities: ransomware (business interruption costs, WannaCry), physical damage (Stuxnet, Aramco attack, attack on Ukrainian grid in December 2015), IoT (Dyn, DDoS attacks impacting structural components of the Internet), data manipulation.
  • Big picture: the complex issues are evolving on a daily basis, and require a mix of technical understanding and, importantly, legal and policy guidance, to ensure that both organizations – and society on a broader level – are designing and implementing effective cybersecurity solutions.
 
The debate revolved around the following matters:
 
  • Should software developers be liable for vulnerabilities in their products, or should there be an expectation that businesses will perform basic due diligence in patching and updating products?
  • What are the legal ramifications related to third party/vendor risk, and related contractual issues?
  • How does cyber insurance provide balance sheet transfer for organizational cyber risk, and what exactly does it cover?
  • How can the public sector, as a partner, help the private sector in enhancing cyber resiliency?



