Identifying Cyber Risks: The Important Role of Senior Management
It is becoming more and more evident that cybersecurity is one of the focal points regarding security risks in the twenty-first century for all organisations.
It is understandable that almost every organisation which has access to any kind of computing devices will be at risk and will probably experience harmful cyber incidents. Hackers, whether individually or state-sponsor cyber-attacks, are increasingly finding ever more creative methods to bring cyber mayhem. This is ever more likely with expansion of mobile devices and the evolution of computing capabilities through the introduction of advanced technologies such as, the Internet of Things, cloud computing and big data.
This brings risk management to the top of agenda in large organisations.
We know that the goal of risk management is to maximise the output of the organisation that includes services, products, revenue, and so on, while minimising the risk for unanticipated results.
Information security and cyber security programs are successful if they are strategically aligned with organisations’ risk management strategies. Senior executives should recognise this dependencies and plan adequately for cyber threats.
However, based on the “Cyber Security Breaches Surveys, 2016,” cyber security, which should be part of the big risk management strategy, it has only been highlighted by 69% businesses whom believe cyber security is a priority for senior managers. Therefore, 31% of them even do not recognise the cyber security as a priority.
The other main problem which has been identified by this report was only 51% of companies have taken recommended actions to identify cyber risk
The accountability lies with senior management.
The senior management team has a broad and clear view of the organisation strategic planning. Therefore, they are the only people who can effectively address and manage complex cyber security threats. But this requires an ongoing collaboration, clear communication channels and adequate security awareness by senior management team. Major information security risk factors may be left unchecked without coordinated oversight of senior management team and the rest of organisation.
The importance of such close cooperation becomes even more critical if an enterprise do business globally. There are various forces beyond the control of senior management team which make it impossible to deal with the threats of cyber space, using traditional risk management. It requires, agility and has great dependency on senior management involvement with clear security awareness.
Organisations can and should build a strong security awareness foundation that be able to provide adequate cyber resilience. Senior management team should also evaluate threat trajectories from a position of risk profiling and business acceptability. This leads organisations to a position in which the can address cyber hygiene, cyber resilience and cyber warfare that would affect organisations as well as governments.
It can be concluded that senior management team is not just responsible for establishing the risk framework that will be used to define risk assumptions, risk constraints, risk tolerances, and risk priorities. But senior management team has a greater responsibility beyond risk framework. It must be fully engaged with all aspects of cyber risk factors and establishment of a clear coordinated efforts within organisations and all internal components of it.
Read the full article, originally published on Tripwire.