Cyber risk management requires more than boosting defenses, Marsh panel says

By Erin Ayers on September 23, 2015

Marsh200x200Cyber risk management requires an enterprise-wide approach and engagement with all stakeholders to be truly effective, according to a panel of experts speaking during a recent Marsh “New Reality of Risk” webinar.

Experts suggested that a traditional focus on defenses against cyber threats must shift to more awareness of corporate assets at risk, along with developing a response plan to potential security events. Cyber risk now involves much more than data breaches and hackers stealing credit card numbers, according to the panel.

“Even an unlimited budget for information security is not going to eliminate your cyber risk. That means that the organization needs to embrace cyber risk management,” stated Thomas Reagan, Marsh’s cyber practice leader. He cited the vulnerabilities of cash, securities, data integrity, technology infrastructure, corporate reputation and other assets to cyber threats such as extortion, hacktivism, and spear phishing.

Brian Elowe, Marsh global risk management managing director and moderator of the panel, added that cyber risk management requires buy-in from every department of a company.

“Everyone in your organization truly has a stake in managing your risk,” he said.

Based on a series of questions fielded by the webinar audience, it appeared that listeners were evenly split between ‘yes,’ ‘no,’ and ‘not sure’ in terms of whether their organizations have a handle on cyber risk management and all stakeholders in the process have been identified.

“A comprehensive response means engaging the entire org, because the entire org is at risk from cyber threats,” said Marsh’s Reagan.

He noted that “risk managers need to understand the connectivity between stakeholders.” This includes both c-level executives, as well as boards of directors.

“Lawsuits can follow within hours” of a security event, particularly if the board has not properly assessed and managed cyber risk, Reagan added.

erin.ayers@zywave.com'

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].