Cyber risk and risk management

The risks and opportunities which digital technologies, devices and media bring us are manifest.  Cyber risk is never a matter purely for the IT team, although they clearly play a vital role. An organisation's risk management function need a thorough understanding of the constantly evolving risks as well as the practical tools and techniques available to address them.

What do we mean by cyber risk?

‘Cyber risk’ means any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems. 

It will never happen to us….

All types and sizes of organisations are at risk, not only the financial services firms, defence organisations and high profile names which make the headlines. 

IRM’s Cyber risk practical guidance

IRM’s Cyber and Information Management Special Interest Group (SIG) conducted extensive research into the dynamic issue of cyber threats to business, governments and global enterprises. They have produced a practical guide for risk professionals and senior executives to help demystify the issue of cyber risk.

Members of the group commented ‘the true extent of the risk has yet to be assessed – let alone managed. And the threat is very real. Risk professionals need to wake up and smell the coffee before it is too late’.

---

Cyber risk: Nightmare or opportunity?

BAE Systems Applied Intelligence and IRM present a journey in cyber risk perception – from doom and gloom to added value in the boardroom. A crossroads has been reached. Cyber risk can either continue to be seen as negative – as another potential set of costs, complicate procedures and incoming legislative demands – or firms can use good cyber risk management as a differentiator from competitors as a selling point to clients, and as a measure of reassurance to stakeholders. Download the article (PDF)

---

Cyber risk roundtables

IRM held a series of high-level cyber risk roundtables in association with BAE Systems Applied Intelligence under the Chatham House rule. Held at prestigious locations such as Claridge’s, the roundtables brought together leading heads of risk management, heads of information from major organisations, IRM representatives and experts from BAE Systems. Discussions included organisational exposures, boardroom engagement, the impact of cyber-attacks and how to develop effective risk and resilience strategies.  

Telling quotes:

• ‘It’s becoming crucial to understand the threat and to start viewing the world from a cyber perspective.’

• ‘It’s very embarrassing to admit it, being who we are, but we have suffered serious cyber attacks and also had our telephone systems commandeered.

• ‘Many organisations are stuck in a reactive mode, but fear prevents action. We need to examine the opportunities to come out of this’.