FERMA presentation at Parima conference
Transcript of FERMA presentation at Parima conference
Information Security and Big Data: A Risk Perspective
PARIMA CONFERENCE – DECEMBER 8TH, 2014 - SINGAPORE
WHERE WE ARE
22 member associations in 20 countries
Over 4500 individual members who are responsible for risk management and/or insurance in their organisations
MEMBER ASSOCIATIONS
WE LIVE AND WORK IN A RISKIER WORLD
The Context of Big Data: high-volume, high-velocity and high-variety information assets that demand cost-effective innovative forms of information processing for enhanced insight and decision making (Gartner)
Fiscal crises in key economies
High unemployment/underemployment
Water crises
Income disparity
Failure of adaptation to climate change
FERMA's 2014 EUROPEAN RISK AND INSURANCE REPORT
RESILIENCE: THE NEW RISK MANAGEMENT?
1. Resilient companies have exceptional risk radar to detect changes in the external and internal situation
2. Resilient companies have diversified resources and assets to facilitate alternative approaches and adaptation to change
3. Resilient companies build strong relationships and networks, both internally and externally
4. Resilient companies have the ability to respond rapidly and decisively to an emerging crisis
5. Resilient companies review and adapt based on experience and changing circumstances
PwC
ENTERPRISE RESILIENCE: THREE KEY MESSAGES
1. Enterprise resilience is about long-term surviving and thriving
2. Resilience is generated (and lost) by who we are, what we know, what we do and how we do it.
3. Well-understood resilience can be measured, manipulated and leveraged
PwC
NINE BASIC PATTERNS OF THREAT
1. Point of sale intrusions
2. Web app attacks
3. Insider and privilege misuse
4. Physical theft and loss
5. Miscellaneous errors
6. Crimeware
7. Payment card scams
8. Denial of service
9. Cyber espionage
Corporate espionage on the rise
Internal employees, business partners, and collusion threats make up less than 10% of data thieves
Hacked stolen credit cards led the way in root cause
Hacks were discovered more often by internal employees than by outsiders
Physical tampering of ATMs made the list in a big way
2014 Data Breach Investigations Report - Verizon
INFORMATION SECURITY IS A BOARD ROOM ISSUE
Risk management is fundamental to organizational control and critical to providing sound corporate governance
Risk touches all of the organization’s activities
The establishment of an effective enterprise-wide risk management system is a key responsibility of Top Management and the Board
The Board is responsible for adopting a system for the identification of risks, creating controls to mitigate those risks, and monitoring and reviewing the identified risks and established controls
The Board should ensure that risk management is integrated into the organization, at the strategic and operational level
Increasingly directors are being held accountable for the security of customer information and other sensitive data under their control
The Board is at risk if they do not manage threats and opportunities arising from the way they manage information
CHECKLIST FOR THE BOARD
1. Implement a board-led holistic approach to cyber risk and opportunity and ensure there are board members with the expertise to help drive this
2. Maintain a dynamic and agile stance on cyber which can be adapted to rapidly changing risks
3. Develop a cyber risk appetite based on the trade-offs between security and system usability
4. Map all areas of technological infrastructure, data-related tools, systems and processes
5. Link physical data and security policies with your cyber-risk approach
6. Improve the understanding of information and systems and implement an approach to ensure good practice security standards are followed
7. Develop and rehearse a response plan
HOW TO IMPROVE CYBER SECURITY
10 Steps to Cyber Security – CESG - 2012
INFORMATION RISK MANAGEMENT REGIME
CYBER RISK INSURANCE STILL EVOLVING
• 72% of companies surveyed do not purchase stand-alone cyber cover (defined as a separate cyber insurance policy and not as a sum of partial covers under property, liability and crime policies etc)
• Purchase pattern varies by sector
• Sector purchase distribution
2014 FERMA Risk and Insurance Report
CYBER IS AN ENTERPRISE RISK
Cyber is not only an IT risk
Cyber demands enterprise-wide governance and management
More innovation in risk management and insurance is required
We live and work in a riskier world: Organizations need solutions for the conventional and unconventional
Are insurers up to the challenge?
Are brokers up to the challenge?
Are risk managers up to the challenge?
"It’s about the people you have, how you are led, and how much you get it" Steve Jobs