20 June 2017

8 go-to resources for cyber risk management

Here’s a fact: cyber risk management is a business imperative, not an IT one. And though awareness of cyber risks is growing in Australia, only 50% of Australian big businesses believe they have adequate plans in place to mitigate a cyber security crisis.

Effective cyber risk management is everyone’s responsibility, but it begins at the leadership level. Ensuring that risk managers, board members and C-level executives are aware of the risk exposures is critical for understanding, managing and transferring risk.

But where do you start? How can you help your leaders and colleagues (and yourself) develop a more comprehensive understanding of cyber risk? Your insurance broker should be your first port of call for risk management advice, but these 8 resources for cyber risk management are helpful too.

1.    Australian Cybercrime Reporting Network (ACORN)

ACORN is a reporting and referral service for victims of cybercrime, but it’s also a hub for helpful cyber risk management resources. It’s geared towards consumers but the website contains useful information for companies, including:

  • statistical reports, published quarterly, which provide a breakdown and analysis of reports received through the ACORN;
  • fact sheets and other materials to raise awareness of cybercrime; and
  • advice and information about cybercrime and how to prevent it.

2.    Assessing Cyber Risk by Deloitte

This free guide by Deloitte is an excellent resource for cyber risk management, especially for companies with a fairly nascent risk management programme.

Published in 2016, the guide contains 10 questions designed to help C-suite level decision makers assess their organisation’s cyber risk maturity level:

“This list of key cyber risk questions and accompanying range of responses should effectively guide organizations in assessing their cyber posture, challenge information security teams to ask the right questions and provide critical information, and help consistently monitor and improve cyber resilience going forward. These questions are designed to help you identify specific strengths and weaknesses, as well as paths to improvement.”

Read and answer the questions here.

3.    Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence. In addition to its primary mission, the organisation provides information security advice and services (mainly to federal and state government agencies) and publishes many useful cyber risk management resources including:

4.    Institute of Risk Management (IRM)

Based in the UK, the Institute of Risk Management hosts a range of cyber risk management material on its website and Online Resource Centre.

On the IRM website you’ll find thought leadership articles, a cyber risk summary, and reports for risk management practitioners. You can also access a number of cyber risk management resources in the Online Resource Centre, but you’ll need a login and password to access them. The IRM also publishes Enterprise Risk Magazine, a must-read publication which often features editorials about cyber risk.

5.    The Australian Cyber Security Centre (ACSC)

The ACSC is a ‘hub for private and public sector collaboration and information-sharing’ designed to help combat cyber security threats. On its website you can report a cyber security incident, read the latest national cyber security news and access the centre’s publications.

Useful publications and cyber risk management resources on the ACSC website include:

6.    Scamwatch

Scamwatch is a website run by the Australian Competition and Consumer Commission (ACCC) that provides information to consumers and businesses about known scams – and how to avoid them.

The website publishes useful scam statistics as well as news and alerts about recent scams. You can also report a scam to the ACCC, learn more about types of scams and access advice for businesses.

Risk management professionals will benefit from the reports and factsheets published by Scamwatch as well as Scamwatch Radar, a newsletter which delivers email alerts on the latest scams.

7.    Australian Securities & Investments Commission (ASIC)

As Australia’s corporate, markets and financial services regulator, ASIC publishes a wealth of material that’s useful for cyber risk management. It regularly publishes articles and advice on issues relating to corporate governance, risk identification and risk management. Some articles are point-in-time statements, but they’re still useful. Here are some highlights:

8.    The AJG blog

This list wouldn’t be complete without mention of our own blog. We regularly publish helpful articles about topics such as cyber risk management, mandatory data breach reporting, ransomware and mitigating cyber risk. Our quarterly Market Overview Report also contains unique insight into cyber management and risk exposures, and is free to download.

Cyber risk management: a priority for every company

No business, organisation or individual can afford to ignore cyber risk. That’s why it’s important to understand and mitigate risks with a comprehensive cyber risk management plan and the right cyber insurance.

Check out these 8 resources and talk to your insurance broker about your company’s cyber risk maturity. They will help you understand your exposures and help you mitigate cyber risk with the right insurance.





Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312