
Cyber risk appetites: How hungry is your organisation?

09 Jun 2016

A new report from RSA has outlined a new framework for organisations, designed to help them create stronger cybersecurity objectives.

According to RSA, businesses need to determine their cyber risk appetite. As businesses strive to improve performance, many of the fundamental moves they undertake expose them to new cyber risks, it says.

The framework, issued in a report RSA prepared with support from Deloitte Advisory Cyber Risk Services, is designed to give organisations a new way to factor cyber risk into their overall risk appetite and to define the level of cyber risk they are willing to accept in the context of their overall business strategy.

“Since organisations can’t turn the clock back on globalisation, outsourcing, extending their third-party networks and moving to the cloud, they will need to realign their thinking about risk,” RSA says.

According to the report, entitled ‘Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise’, organisations need a systematic process for defining and comprehensively categorising sources of cyber risk, a new accounting of key stakeholders and risk owners, and a new way to calculate cyber risk appetite.

“Cyber risk is a critical issue in today’s organisations, touching aspects of business risk, regulation and technology,” says David Walter, RSA general manager, Global GRC.

“To effectively deal with these risks, executive decision-makers need to understand their organisations’ ‘cyber risk appetites’ – balancing the nature and magnitude of those risks against the benefits a strategic shift would deliver. Then they can make more informed decisions,” he explains.

To effectively assess their cyber risk appetite, the report recommends that organisations take a comprehensive inventory of cyber risks, quantify their potential impact and prioritise them.

“Organisations need to ask the right questions, such as what losses would be catastrophic, and what information absolutely cannot fall into the wrong hands or be made public,” says Walter.

“They need to prioritise the risk according to impact, ranking mission- and business-critical systems ahead of facets like core infrastructure and extended ecosystem (supply chain management applications and partner portals) and external public facing points of interaction. Prioritisation needs to be an ongoing process involving constant evaluation and re-evaluation.”

The report says an organisation’s ability to quantify cyber risk and make informed decisions about its cyber risk appetite will put it in a position to succeed.

Emily Mossburg, partner, Deloitte & Touche LLP and Deloitte Advisory Cyber Risk Services Resilient Practice leader, says, “The very fundamental things that organisations undertake in order to drive performance and execute on their business strategies happen to also be the things that actually create cyber risk.

“Cyber risk is an issue that exists at the intersection of business risk, regulation, and technology,” she says.

“Executive decision-makers should understand the nature and magnitude of those risks, consider them against the benefits a strategic shift would deliver, and then make more informed decisions.”
