New Guide for Businesses to Defend Against Cyber Attacks
The Financial Management of Cyber Risk: An Implementation Framework for CFOs lays out a well-thought-out framework for a cyber security plan. It is the answer for those senior executives who may still be thinking that they won't suffer a data breach or be victimized by cyber thieves -- or even be defrauded by their own employees. This is a practical, easy-to-understand framework developed by a cross-sector taskforce of more than 60 industry and government experts.
The guide, produced by the Internet Security Alliance and the American National Standards Institute, is a direct response to President Obama's Cyberspace Policy Review, which asked for a program to help assign monetary value to cyber risks and consequences, helping senior execs to address cybersecurity needs.
I'm betting that everyone reading this could do with a review of this 76-page report. It covers the financial impact of cyber risks from an enterprise-wide view, and its chapters touch on the core business functions of organizations of any size in any industry. Financial institutions should be telling their business customers about this guide, too. I'll offer that it may be the best thing that you can give them to start their journey to cyber security.
Along with the big strategic questions, the guide has sample charts to help calculate the probability and severity of financial loss from both risk events and the actions taken to mitigate them.
One example of the type of risk mitigation questions asked:
Question: "What are the other benefits of purchasing a specific cyber risk insurance policy?"
Answer: "A framework for determining comparative benefit -- In addition to the obvious benefit of legal and first-party expense reimbursement, the purchase of a specific cyber risk policy has a number of other indirect benefits, including:
- "The ability to obtain an objective, usually free, review of a company's network security by a third party (i.e., the insurer or its agent);
- "A better ability to understand the company's risk level compared to its peers (by examining the differences in premiums);
- "Better quantification of net financial risk;
"Finally, the demonstration of the successful ability to purchase insurance could be a favorable factor with the company's regulators, or even in litigation."
The guide also includes a list of standards and reference documents to help businesses develop comprehensive risk management frameworks.
So don't just sit there, dragging your heels, waiting for something to happen to your business or for your business customers to develop their own plan of action. Why wait while your company's reputation is hurt and money and data flow out to the hands of criminals? Make this guide the place you draw the line in the sand -- 21st century cyber risk mitigation starts here and now.