Cyber risk is a relevant topic for every executive across all industries. World Economic Forum evaluated cyber-attacks as the 3rd most likely and 6th most impactful risk (Global Risks Report 2018). In his recent article, Marko Buuri, Principal Risk Management Consultant at F-Secure, summarizes the main areas every executive should look for in cyber security risk management.
Well thought-out risk stories are a sign of a good security risk culture
”As an executive, you should know that your company’s risk management processes have a better chance of being effective once you have produced verbose explanations of how cyber security risks are expected to actualize, who are the attackers, what are the weak spots, and how a successful breach would impact your business”, Buuri says.
Valuable security risk definitions read like stories. These stories end at business incidents, such as a breach of confidential information or a disruption in production. Each incident is then connected to specific forms of loss.
Can you quantify your cyber risk?
Cyber incidents put your operations to a halt and it takes time and effort to remedy the situation, which leads to losses. It makes a lot of sense to quantify the financial impact of cyber risk.
”After all, insurances and security improvements cost money, and comparing those estimates against a color-coded risk registry is like comparing apples to oranges. Only after proper identification of risks as stories, it becomes possible to take an analytical look at evaluating them” Marko Buuri explains in his article.
As an executive, you should expect that your company is applying proper financial evaluation methods to assess the most significant cyber security risk scenarios.
F-Secure’s Cyber Breach Impact Quantification service allows companies to accurately estimate different types of operational losses – no longer relying on guesstimates or ballpark figures.
This post is based on an article by Marko Buuri: What Every Executive Should Require from Cyber Security Risk Management