FERMA presentation at Parima conference

Information Security and Big Data A Risk Perspective

Transcript of FERMA presentation at Parima conference

Page 1: FERMA presentation at Parima conference

Information Security and Big Data: A Risk Perspective

Page 2: FERMA presentation at Parima conference

PARIMA CONFERENCE – DECEMBER 8TH, 2014 - SINGAPORE

WHERE WE ARE

22 member associations in 20 countries

Over 4500 individual members who are responsible for risk management and/or insurance in their organisations

Page 3: FERMA presentation at Parima conference

MEMBER ASSOCIATIONS

Page 4: FERMA presentation at Parima conference

WE LIVE AND WORK IN A RISKIER WORLD

The Context of Big Data: high-volume, high-velocity and high-variety information assets that demand cost-effective innovative forms of information processing for enhanced insight and decision making (Gartner)

Fiscal crises in key economies

High unemployment/underemployment

Water crises

Income disparity

Failure of adaptation to climate change

Page 5: FERMA presentation at Parima conference

FERMA's 2014 EUROPEAN RISK AND INSURANCE REPORT

Page 6: FERMA presentation at Parima conference

RESILIENCE: THE NEW RISK MANAGEMENT?

1. Resilient companies have exceptional risk radar to detect changes in the external and internal situation

2. Resilient companies have diversified resources and assets to facilitate alternative approaches and adaptation to change

3. Resilient companies build strong relationships and networks, both internally and externally

4. Resilient companies have the ability to respond rapidly and decisively to an emerging crisis

5. Resilient companies review and adapt based on experience and changing circumstances

PwC

Page 7: FERMA presentation at Parima conference

ENTERPRISE RESILIENCE: THREE KEY MESSAGES

1. Enterprise resilience is about long-term surviving and thriving

2. Resilience is generated (and lost) by who we are, what we know, what we do and how we do it.

3. Well understood resilience can be measured, manipulated and leveraged

PwC

Page 8: FERMA presentation at Parima conference

NINE BASIC PATTERNS OF THREAT

1. Point of sale intrusions

2. Web app attacks

3. Insider and privilege misuse

4. Physical theft and loss

5. Miscellaneous errors

6. Crimeware

7. Payment card scams

8. Denial of service

9. Cyber espionage

Corporate espionage on the rise

Internal employees, business partners, and collusion threats make up less than 10 % of data thieves

Hacked stolen credit cards led the way in root cause

Hacks were discovered more often by internal employees than by outsiders

Physical tampering of ATMs made the list in a big way

2014 Data Breach Investigations Report - Verizon

Page 9: FERMA presentation at Parima conference

INFORMATION SECURITY IS A BOARD ROOM ISSUE

Risk management is fundamental to organizational control and critical to providing sound corporate governance

Risk touches all of the organization’s activities

The establishment of an effective enterprise-wide risk management system is a key responsibility of Top Management and the Board

The Board is responsible for adopting a system for the identification of risks, creating controls to mitigate those risks, and monitoring and reviewing the identified risks and established controls

The Board should ensure that risk management is integrated into the organization, at the strategic and operational level

Increasingly directors are being held accountable for the security of customer information and other sensitive data under their control

The Board is at risk if they do not manage threats and opportunities arising from the way they manage information

Page 10: FERMA presentation at Parima conference

CHECKLIST FOR THE BOARD

1. Implement a board-led holistic approach to cyber risk and opportunity and ensure there are board members with the expertise to help drive this

2. Maintain a dynamic and agile stance on cyber which can be adapted to rapidly changing risks

3. Develop a cyber risk appetite based on the trade-offs between security and system usability

4. Map all areas of technological infrastructure, data-related tools, systems and processes

5. Link physical data and security policies with your cyber-risk approach

6. Improve the understanding of information and systems and implement an approach to ensure good practice security standards are followed

7. Develop and rehearse a response plan

Page 11: FERMA presentation at Parima conference

HOW TO IMPROVE CYBER SECURITY

10 Steps to Cyber Security – CESG - 2012

Page 12: FERMA presentation at Parima conference

INFORMATION RISK MANAGEMENT REGIME

Page 13: FERMA presentation at Parima conference

CYBER RISK INSURANCE STILL EVOLVING

• 72% of companies surveyed do not purchase stand-alone cyber cover (defined as a separate cyber insurance policy and not as a sum of partial covers under property, liability and crime policies etc)

• Purchase pattern varies by sector

• Sector purchase distribution

2014 FERMA Risk and Insurance Report

Page 14: FERMA presentation at Parima conference

CYBER IS AN ENTERPRISE RISK

Cyber is not only an IT risk

Cyber demands enterprise-wide governance and management

More innovation in risk management and insurance is required

We live and work in a riskier world: Organizations need solutions for the conventional and unconventional

Are insurers up to the challenge?

Are brokers up to the challenge?

Are risk managers up to the challenge?

"It’s about the people you have, how you are led, and how much you get it" (Steve Jobs)