
8 go-to resources for cyber risk management


Here’s a fact: cyber risk management is a business imperative, not an IT one. And though awareness of cyber risks is growing in Australia, only 50% of Australian big businesses believe they have adequate plans in place to mitigate a cyber security crisis.

Effective cyber risk management is everyone’s responsibility, but it begins at the leadership level. Ensuring that risk managers, board members and C-level executives are aware of the risk exposures is critical for understanding, managing and transferring risk.

But where do you start? How can you help your leaders and colleagues (and yourself) develop a more comprehensive understanding of cyber risk? Your insurance broker should be your first port of call for risk management advice, but these 8 resources for cyber risk management are helpful too.

1.    Australian Cybercrime Reporting Network (ACORN)

ACORN is a reporting and referral service for victims of cybercrime, but it’s also a hub for helpful cyber risk management resources. It’s geared towards consumers but the website contains useful information for companies, including:

  • Statistical reports, published quarterly, which provide a breakdown and analysis of reports received through the ACORN;
  • Fact sheets and other materials to raise awareness of cybercrime; and
  • Advice and information about cybercrime and how to prevent it.

2.    Assessing Cyber Risk by Deloitte

This free guide by Deloitte is an excellent resource for cyber risk management, especially for companies with a fairly nascent risk management programme.

Published in 2016, the guide contains 10 questions designed to help C-suite level decision makers assess their organisation’s cyber risk maturity level:

“This list of key cyber risk questions and accompanying range of responses should effectively guide organizations in assessing their cyber posture, challenge information security teams to ask the right questions and provide critical information, and help consistently monitor and improve cyber resilience going forward. These questions are designed to help you identify specific strengths and weaknesses, as well as paths to improvement.”

Read and answer the questions here.

3.    Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence. In addition to its primary mission, the organisation provides information security advice and services (mainly to federal and state government agencies) and publishes many useful cyber risk management resources including:

4.    Institute of Risk Management (IRM)

Based in the UK, the Institute of Risk Management hosts a range of cyber risk management material on its website and Online Resource Centre.

On the IRM website you’ll find thought leadership articles, a cyber risk summary, and reports for risk management practitioners. You can also access a number of cyber risk management resources in the Online Resource Centre, but you’ll need a login and password to access them. The IRM also publishes Enterprise Risk Magazine, a must-read publication which often features editorials about cyber risk.

5.    The Australian Cyber Security Centre (ACSC)

The ACSC is a ‘hub for private and public sector collaboration and information-sharing’ designed to help combat cyber security threats. On its website you can report a cyber security incident, read the latest national cyber security news and access the centre’s publications.

Useful publications and cyber risk management resources on the ACSC website include:

6.    Scamwatch

Scamwatch is a website run by the Australian Competition and Consumer Commission (ACCC) that provides information to consumers and businesses about known scams – and how to avoid them.

The website publishes useful scam statistics as well as news and alerts about recent scams. You can also report a scam to the ACCC, learn more about types of scams and access advice for businesses.

Risk management professionals will benefit from the reports and factsheets published by Scamwatch as well as Scamwatch Radar, a newsletter which delivers email alerts on the latest scams.

7.    Australian Securities & Investments Commission (ASIC)

As Australia’s corporate, markets and financial services regulator, ASIC publishes a wealth of material that’s useful for cyber risk management. It regularly publishes articles and advice on issues relating to corporate governance, risk identification and risk management. Some articles are point-in-time statements, but they’re still useful. Here are some highlights:

8.    The AJG blog

This list wouldn’t be complete without mention of our own blog. We regularly publish helpful articles about topics such as cyber risk management, mandatory data breach reporting, ransomware and mitigating cyber risk. Our quarterly Market Overview Report also contains unique insight into cyber management and risk exposures, and is free to download.

Cyber risk management: a priority for every company

No business, organisation or individual can afford to ignore cyber risk. That’s why it’s important to understand and mitigate risks with a comprehensive cyber risk management plan and the right cyber insurance.

Check out these 8 resources and talk to your insurance broker about your company’s cyber risk maturity. They will help you understand your exposures and help you mitigate cyber risk with the right insurance.
