Putting Cyber Risk on the Boardroom Agenda

While most Australian organisations have become familiar with the warnings to heighten their cyber security, last week’s revelation by the Australian Signals Directorate that cyber attacks on our businesses and government rose 20 per cent in 2014, confirms the rapid speed at which the threat is growing.

This statistic from the Department of Defence’s intelligence agency is a swift and timely follow up for many Marsh clients who attended a recent breakfast seminar on cyber risks in Sydney hosted by Marsh & McLennan Companies (MMC). The event on Thursday 16 April saw some 100 representatives from Australian business community hear from the ASIC Commissioner, Cathie Armour, as she spoke about the regulator’s recent efforts to encourage greater awareness of the risk within the Australian companies, particularly at the board and director level. The Commissioner stressed the importance of greater engagement and collaborations with both industry and government in developing appropriate measures.

The briefing also introduced Verizon’s 2015 Breach Investigations Report, one of the first public presentations following the release of the report two days earlier.

The event coincided with a visit to Australia from MMC’s President and CEO, Dan Glaser, who provided a global perspective and shared with the group his personal sentiment  that ownership of cyber risk  starts at the top, with the CEO Role basically doubling as a shadow role as Chief Information Officer.     

In a robust panel discussion, subject matter experts from each of the MMC companies provided their perspectives on how organisations could better approach the risk.

Susan Elias and Costa Zakis offer some of the pertinent points that emerged from the panel discussion:

Understanding the threat to your organisation

The journey to becoming cyber resilient begins with understanding the extent and scope of a firm’s cyber risk exposures, which would typically include:

• Cyber risk identification
• Cyber risk assessment
• Cyber risk quantification

The team at Marsh Risk Consulting can assist in this endeavour, with specialists available to:

• Develop or update risk registers of cyber and privacy risks
• Undertake both cyber resilience reviews and privacy resilience reviews
• Develop, implement and test a cyber incident response plan
  

Transferring the cyber risk

Importantly, Marsh is also able to help facilitate risk mitigation insurance solutions through the following activities:

• Undertaking an  insurance gap analysis, mapping cyber security and privacy exposures against current insurance arrangements
• Formulating cyber risk profile and determine key coverage requirements
• Negotiating tailored cyber insurance quotes aligned with key coverage requirements
• Recommending an appropriate, bespoke cyber insurance solution

As every firm’s cyber risk profile will be unique, overlaid against the varying policy forms available in the market, it is important that the appropriate cyber insurance solution be tailored as noted above.

Responding to a cyber attack

For many organisations, the culmination of the cyber journey may be with a cyber attack, no matter their risk mitigation defences.

At this point in time, analysts from the Forensic Accounting and Claims Services team have specialised skills to assist with the crisis management  response, as well as the forensic analysis to determine where the breach occurred and ways to remedy it.