Cyber Risk Management – Response and Recovery

Article Synopsis :

‘Cyber Risk Management, Response and Recovery’ from Marsh & McLennan, in partnership with WomenCorporateDirectors (WCD), presents the most up-to-date insights around cyber governance and strategy toward helping directors across all industries cope effectively with increasingly complex cyber threats in an increasingly digital world.

This report explores cyber risk at the board level from both the risk assessment and coverage perspectives 

The report is organized in thirteen concise sections, as follows:

1. A HEIGHTENED FOCUS ON RESPONSE AND RECOVERY
2. REGULATION ON THE RISE
3. LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD PARTY RISK
4. FRUSTRATIONS WITH OVERSIGHT
5. EFFECTIVE OVERSIGHT BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK
6. THE ROLE OF CYBER INSURANCE
7. CYBER INSURANCE ADOPTION IS INCREASING
8. LIMITING FINANCIAL LOSSES
9. OPTIONS FOR COVERAGE
10. COMMON INSURANCE OVERLAPS
11. PROTECTING DIRECTORS AND OFFICERS
12. TEN QUESTIONS TO ASK MANAGEMENT ABOUT YOUR ORGANIZATION’S CYBER READINESS
13. GUIDE TO CYBER COVERAGE OPTIONS

Your interest in specific sections of the report will be guided by your answers to the ten highly relevant and insightful questions posed in Section 12:

1. What cyber risk management framework does your organization use to assess and benchmark your approach and risk profile (e.g., NIST)?
2. Given management’s assessment of your cyber risks and mitigating procedures, where are your most significant residual vulnerabilities?
3. Where do you rank in cyber preparedness compared to relevant peers and how frequently does management perform cyber scenario testing/war games? How do you benchmark your performance?
4. Which leaders across your organization have accountabilities for cyber risks within IT, functions, business and operational areas, etc.? How do you ensure sufficient resources are dedicated to each?
5. How are your business continuity/resiliency plans adapting in response to dynamically evolving cyber threats? For example, what company policy and protections are in place regarding ransomware threats and related payments? Do these plans consider local laws?
6. Have you quantified and assessed the potential financial impact of an interruption caused by a cyber event?
7. Do you have a dedicated cyber insurance policy, or are you relying on add-on products or blended coverages? What exposures do your cyber insurance coverage address and what risks have you elected not to insure?
8. What are the limits of liability of cyber insurance that you have available, and how can you determine if they are sufficient?
9. How often is the board updated on the status of cyber risk management and cyber insurance coverage, and what is the format of that report?
10. How have you compared your cyber insurance program to your fundamental risk profile, as well as to similarly-situated peers in your industry, or those with similar risk/threat profiles?

Link to Full Article:: click here

Link to Source:: click here