Cyber Risk Management – Response and Recovery
Article Synopsis:
‘Cyber Risk Management, Response and Recovery’ from Marsh & McLennan, in partnership with WomenCorporateDirectors (WCD), presents the most up-to-date insights around cyber governance and strategy toward helping directors across all industries cope effectively with increasingly complex cyber threats in an increasingly digital world.
The report is organized in thirteen concise sections, as follows:
- A HEIGHTENED FOCUS ON RESPONSE AND RECOVERY
- REGULATION ON THE RISE
- LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD PARTY RISK
- FRUSTRATIONS WITH OVERSIGHT
- EFFECTIVE OVERSIGHT BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK
- THE ROLE OF CYBER INSURANCE
- CYBER INSURANCE ADOPTION IS INCREASING
- LIMITING FINANCIAL LOSSES
- OPTIONS FOR COVERAGE
- COMMON INSURANCE OVERLAPS
- PROTECTING DIRECTORS AND OFFICERS
- TEN QUESTIONS TO ASK MANAGEMENT ABOUT YOUR ORGANIZATION’S CYBER READINESS
- GUIDE TO CYBER COVERAGE OPTIONS
Your interest in specific sections of the report will be guided by your answers to the ten highly relevant and insightful questions posed in Section 12:
- What cyber risk management framework does your organization use to assess and benchmark your approach and risk profile (e.g., NIST)?
- Given management’s assessment of your cyber risks and mitigating procedures, where are your most significant residual vulnerabilities?
- Where do you rank in cyber preparedness compared to relevant peers and how frequently does management perform cyber scenario testing/war games? How do you benchmark your performance?
- Which leaders across your organization have accountabilities for cyber risks within IT, functions, business and operational areas, etc.? How do you ensure sufficient resources are dedicated to each?
- How are your business continuity/resiliency plans adapting in response to dynamically evolving cyber threats? For example, what company policy and protections are in place regarding ransomware threats and related payments? Do these plans consider local laws?
- Have you quantified and assessed the potential financial impact of an interruption caused by a cyber event?
- Do you have a dedicated cyber insurance policy, or are you relying on add-on products or blended coverages? What exposures does your cyber insurance coverage address and what risks have you elected not to insure?
- What are the limits of liability of cyber insurance that you have available, and how can you determine if they are sufficient?
- How often is the board updated on the status of cyber risk management and cyber insurance coverage, and what is the format of that report?
- How have you compared your cyber insurance program to your fundamental risk profile, as well as to similarly-situated peers in your industry, or those with similar risk/threat profiles?
Digital Insurer's Comments:
This report is useful from two perspectives. First, it explores and shares the thinking of the typical corporate director on the highly dynamic subject of cyber risk. Second, it explores the critical role insurers play in advising directors on fit-for-purpose insurance solutions.
Cyber is the fastest growing line of business in commercial insurance today. To sell corporate directors what corporate directors buy, insurers must see the world through corporate directors’ eyes. And this report is a great help.