As investments in Cyber Security increase, many Boards and C-Suite executives are asking “how much is our true exposure to potential cyber losses?”, “how do we know our investment in Cyber Security is proportional to our exposure?”, “how much investment is good enough?”. The answer to this often starts with quantification of an organisation’s Cyber Risk exposure. However, in our experience, very few organisations have a comprehensive understanding of how much they could potentially lose in case of a Cyber-attack.
Quantification would help organisations understand their exposure, and provide them a baseline to prioritise strategic investments. It brings about an awareness beyond the Technology function into Risk, Business and the Boardroom, where informed decisions around risk hedging and insurance policy can be taken. It creates a level of awareness on Cyber Exposure across the organisation (for example, with the Legal and Communications teams) that is difficult to achieve otherwise, enabling preparedness in scenario response.
Oliver Wyman’s paper on “Navigating Cyber Risk Quantification: The Art and Science of Quantification Through a Scenario-Based Approach” provides a structured approach to estimating Cyber Risk Exposures. The paper, through the use of real examples, describes how to avoid common pitfalls while detailing and quantifying scenarios. Quantifying cyber risk requires developing clear and precise scenarios specific to the organisation – this has not been attempted by many organisations and makes the process of quantification challenging. The process also requires working very closely with stakeholders across the organisation, and leveraging a combination of internal and external data as well as external subject matter expertise, and tailoring them to the organisation’s current context.
Conducting cyber risk quantification is a useful exercise to guide strategic conversations on Cyber Resilience around where to invest, how much to invest, and what kind of mitigation could be pursued, e.g. through Cyber Insurance coverage. By quantifying cyber risk, organisations can also open informed discussions throughout the organisation – on how and what the organisation can do to increase its cyber resilience and build capabilities. Ultimately, this will help the organisation realise that the fight to protect against cyber-attacks is not an IT or Risk function responsibility, but one for the whole organisation.
Follow Us on Social @mmc_global
“I have the best job ever! I love being able to connect talent to opportunity, and it’s especially rewarding when it’s a candidate I’ve gotten to know over time and have watched their #career evolve.” — Amy Vogt, Sr. #TalentAcquisition Consultant #CandidateExperienceDay https://t.co/a1qRAKNtP6
Which countries experience the most significant #cyberattacks? According to research, the U.S. has lead the way since 2006. https://t.co/vt5Fzm6LKA @wef @Zurich #cybersecurity #risks https://t.co/v4lMBUvX4h
For employees, digital tools can help lower barriers to access and utilization of #mentalhealth services, including stigma, lack of awareness, waiting times, inconvenience and costs. Learn more in our paper: https://t.co/9eRxJDhECB #COVID19 #digitalhealth https://t.co/jWnUyP8mS9
Are you ready for twin-track #pension funding? Join @UKMercer's virtual event with @ftlive as they discuss the proposed changes impacting #UK schemes. https://t.co/yYN7gnpPRt #MercerEvents #FTDigitalDialogues https://t.co/IZjeK3q45z
“My parents showed incredible #resilience moving on from the horrors of the Holocaust. They made a good life for themselves, my brother, and me, and raised us to love and respect others.” — Eric Alter, Senior VP, Corporate Risk Engagement Leader, @MarshGlobal UK #WeRemember https://t.co/hcPHHdAPzZ
In order to prevent #climate disasters, emergency management officials aim to funnel up to $10B and our own @dankandc says this plan "would dwarf all previous grant programs of its kind." Learn more via @nytclimate: https://t.co/cAEigQRUJp #NaturalDisaster #ClimateChange https://t.co/kS442lZqQa
RT @nytclimate: Federal researchers have reported that for every $1 the government spent to protect a community before a disaster, it saved…
With businesses facing a prolonged uncertainty, it’s vital that #risk managers foster courage within their teams to move forward with a positive mindset. @OliverWyman shares types of courage that managers should encourage: https://t.co/FucSJkTgAN #leadership #riskmanagement https://t.co/clu37ZbDOb
What's worrying the world in 2021? The 2021 Global #Risks Report, in partnership with @wef, @Zurich and SK Group, shares insight: https://t.co/YfW6Q4fB26 #FutureofWork #COVID19 https://t.co/UnRzLUwQhD
The #pandemic has forced conversations on how we understand, prepare and manage #risks in a fast-changing environment. @CarolinaKlint of @MarshGlobal shares insight on the 2021 Global Risks Report via @BRINKNewsNow: https://t.co/Ae51ZUsLfY #COVID19 https://t.co/eTRbHC8GQF