How do leaders and business managers anticipate and contain the diverse, often unknown, emerging cyber risks in the Insurance sector? Unsurprisingly, cybersecurity is a constant issue, often sitting at the top of many Board agendas. Many recent high-profile incidents of hacking and cyber intrusion have brought home the harsh reality of what happens if a business does not get it quite right. With the move toward more diverse and complex infrastructures, progressive, forward-thinking Risk Managers are ensuring that all areas are covered and brought into a coherent, commercially viable risk strategy.
So who are the pivotal figures in this process, and what is the responsibility of senior management? In the FCA Business Plan 2017/18, Chairman John Griffith-Jones warned that cyber-resilience was a key risk area for the financial services industry. Broadly speaking, this warning was aimed at Board and ExCo, but more specifically the CEO, CFO, CIO, CTO, CISO, and GC, along with the Board Risk and Audit Committees. Progressive key players are not only promoting a strong CRO mandate, but also increasingly asking the ‘right questions’, ensuring they do not fall foul of their SIMR commitments.
With the above in mind, whilst there is no perfect solution to combat cybercrime and fraud, here are some key questions you should be asking:
- What is our organisational risk appetite?
- Is resilience built into our Target Operating Model?
- Are we adhering to existing frameworks or regulatory advice?
- Has each part of our business conducted a thorough Threat Analysis?
- Is adequate Penetration Testing being carried out regularly?
- Are regular business and IT audits being carried out?
Risk Managers cannot possibly deliver all of this personally, nor can their teams. However, they must ensure the business signs up to a plan.
About Norman Broadbent Interim Management
Our Interim Management network is composed of seasoned, delivery-focused executives. Many will have come from Big 4 or Strategy Consulting firms, as well as from senior roles in Financial Services. Whether they are focused on risk as a function, or on Programme Delivery, they support clients with timely expertise and, most importantly, assist in transforming organisations.
Some of the areas we have supported clients in include:
- Establishing Risk Appetite and delivering the three lines of defence model
- Providing Board-level credibility to secure funding for new initiatives
- Successfully delivering cyber programmes across Business and IT
- Emergency deployment and Disaster Recovery
If you would like to discuss this topic further or how Norman Broadbent Interim Management can help your business, please contact Mike Davies on mike.davies@normanbroadbentinterim.com or +44 (0) 20 7484 0067 for an initial and confidential discussion.