Institute of Enterprise Risk Practitioners Menara...
This document is confidential and, unless otherwise stated, all copyright belongs to Friday Concepts International. Reproduction in whole or in part and/or distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited.
CYBER RISK
Ramesh Pillai
Group MD Friday Concepts (International)
London, Singapore, Malaysia, Indonesia, United States, Shanghai, Oman
International Secretariat
Institute of Enterprise Risk Practitioners
Menara Mitraland D-19-07
No 13A Jalan PJU 51 Kota Damansara
PJU 5 47810 Petaling Jaya Selangor DE
Malaysia
Tel: +603 – 2381 1900
Fax: +603 – 7611 0707
Email: enquiry@insterp.com
www.insterp.com
Global Head Office
Institute of Enterprise Risk Practitioners
49 Greek Street
London W1D 4EG
United Kingdom
CYBERSECURITY
INTRO
Ramesh Pillai – Chairman, Board of Governors, Institute of Enterprise Risk Practitioners
Ramesh Pillai is the Chairman of the Board of Governors of the International Institute of Enterprise Risk Practitioners (IERP) as well as being the Group Managing Director of Friday Concepts, an International ERM (Conventional and Islamic), BCM, Governance, Risk Management and Compliance boutique consultancy. He is currently a Director of three leading Financial Institutions and a former Director of one Developmental Financial Institution. His Board experience encompasses chairing the Board Risk Management Committee and Board Audit Committee and being a member of the Board Collaboration Committee, Investment Committee and Remuneration Committee. He is also a nominee Director for a Regional Central Bank. Additionally, Ramesh is the former Risk Management Adviser to the Public Trustee and one of the largest fund managers in the Region, as well as to one of the largest Islamic fund managers in the Region. Ramesh holds a Bachelor of Economics with Accountancy (Honours) degree from Loughborough University in the UK. As part of his degree course, Ramesh specialised in Economics and Banking in general and Islamic Banking in particular.
A Fellow of the Institute of Chartered Accountants in England and Wales (ICAEW) as well as the Malaysian Institute of Accountants (MIA), a Certified Risk Professional (CRP), a certified Enterprise Risk Manager (ERM), a certified Islamic Enterprise Risk Manager (ERMi), a Qualified Risk Director (QRD) and a Qualified Risk Auditor (QRA), Ramesh was also a Regional Director for the Global Association of Risk Professionals (GARP) and was instrumental in the creation of the Malaysian chapter of the Professional Risk Managers International Association (PRMIA). He is an Islamic and Conventional Risk Management resource for the Qatar Investment Authority and is listed in their Q-Finance Directory. Ramesh was a former Risk Management mentor on the ICAEW's Regional F-TEN program and is a member of the Advisory Board and also on the Panel of Experts of the GlobalRisk Community. Ramesh has also been named a Paul Harris Fellow of the Rotary Foundation of Rotary International in appreciation of tangible and significant assistance given for the furtherance of better understanding and friendly relations among peoples of the world.
With over 30 years of Risk Management experience, he is also a recognised Global pioneer in Enterprise Risk Management and in the implementation of ISO 31000, ISO 31004 and 31010 practices. Ramesh started his career with Price Waterhouse's Financial Institutions specialism in London, gaining experience in Audit, Consultancy and Corporate Finance assignments. Succeeding the seven years there, he went on to become the Director of Finance and Administration at Picker International Ltd in London. In 1994 he spent a year as the Chief Financial Officer of Rank Video Services (Europe) Limited before accepting a more challenging job experience through an international assignment. Ramesh was handling the responsibilities of a few roles and travelling between Singapore, Malaysia and Indonesia as the Acting Regional Financial Controller cum Senior Regional Financial Analyst, as well as the Indonesian Financial Controller, as well as Deputy Country Head for PowerGen International, a FTSE 100 (London) listed company in the power and energy industry.
Upon leaving PowerGen, he headed the Portfolio Management and Credit Administration functions in Citibank before accepting a position in a National Asset Management Company as the General Manager of the Risk Management Division. There, Ramesh was responsible for establishing the Enterprise Risk Management function and Risk Management Policy, as well as formulating and documenting the various procedures and policies relating to the Operations of the National Asset Management Company. During his tenure there, Ramesh spent a year on secondment to the Central Bank, where he was involved in heading a national interest project, working closely with the Central Bank's staff in general and the Bank Regulations, Bank Supervision and Islamic Banking teams in particular. He was also involved in presentations to the National Syariah Advisory Council in an advisory capacity.
Following his assignment at the Central Bank, Ramesh moved back into the Banking sector, where he was the Chief Risk Officer for regional Conventional and International Islamic Banks. His responsibilities included guiding and coordinating the group's Operational and Enterprise Risk Management initiatives.
Ramesh is also a member of the MBA (Enterprise Risk Management) Studies Committee in a leading Private University. He has published articles in international publications, presented various papers on Risk Management in general and Enterprise Risk Management in particular, Corporate Governance and Bank restructuring issues at National, Regional and International forums, and is currently writing a book on Enterprise Risk Management.
About the Institute of Enterprise Risk Practitioners (IERP®)
In today's increasingly digitalised, highly inter-connected and competitive business world, disruption and turmoil have become the new norm. Boards and business professionals are constantly looking out for that extra edge to provide and ensure organisational sustainability, resilience and agility – the cornerstone and end-game of Enterprise Risk Management (ERM).
Recognising this critical need for sound ERM knowledge and good ERM practices across all organisational layers and business sectors, THE INSTITUTE OF ENTERPRISE RISK PRACTITIONERS (IERP®) was established by dedicated and highly experienced Board Directors and industry practitioners to holistically address these shortfalls and to make these skills accessible globally.
The IERP®'s pioneering, innovative and global industry-leading training and certification programs are designed for all levels of stakeholders in any organisation who, in one way or other, deal or struggle with Governance, Risk and Compliance (GRC) issues in their daily operations and/or decision-making. All of the IERP®'s programs incorporate practical learning methodologies and promote international ERM standards and practices in a practical and commercial context, as well as highlighting ERM's linkage to strategy, performance, ethics, Business Continuity and good corporate governance.
Membership of the IERP® and participation on the IERP®'s programs are critical for Visionary Boards, business leaders and business professionals who are looking for something that will set them apart from the crowd and launch them on a trajectory to strategic excellence.
[Figure: The IERP®'s Certification Framework. Labels: Risk Assurance, Risk Oversight, Risk Drivers, Risk Champions, Risk Leaders, BCM (Business Continuity Management)]
Selection of the Participants of the IERP® Program
Corporate Profile of Friday Concepts
Friday Concepts, the consulting arm of the IERP®, specialises in ERM, Governance, BCM and Islamic ERM.
Sample of services provided:
• Enterprise Risk Management
• Enterprise Governance
• Business Continuity Management
• Investment Risk Management
• Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of Islamic Banks and Takaful Companies)
• Financial Risk Management (including Credit, Operational and Market Risk)
• ERM and Strategy support to Boards and Senior Management teams
• Strategy Consulting
• Training
Offices in Kuala Lumpur, Singapore and Jakarta, United States and Oman.
Experienced in Public and Private sector organisations.
Consultants are Risk Management practitioners with International experience across a wide range of industries, including:
• State and other Development Agencies
• Manufacturing
• Financial Services
• Property Development Management
• Healthcare Services
• Shipping
• Entertainment
• Oil & Gas
• Government/Regulators
• Plantations
Practical approach to assignments and problem solving.
Selection of clients our Consultants have been associated with
FRIDAY's Interpretation of Sustainability
A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability.
• Think broadly about Value
• Think broadly about issues and impacts
• Engage and partner with stakeholders
• Make connections & integrate sustainability within and across our business
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations Marketing Procurement R&D
…
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
…
Evolution from good to best practice …
Necessary for Commercial Resilience …
Requirements for embedding sustainability …
Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation
Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions
Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices
"… it's not about managing issues. Rather, it's about being equipped to succeed in a more complex setting …"
Value Preservation to Value Creation
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.
Operating Risk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
Future/White Space
• Target Models, Lifetime Value Models
• Churn Models, Discount Engine Models
• Upsell Models, Sales Territory Models
• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars
• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee
• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships
• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.
The Rewards and Risks of Information Technology
Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.
The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.
Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.
Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.
Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.
CYBERSECURITY
PERSONAL
Heightened concern
For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.
Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.
With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company's initiatives.
Introduction
The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.
Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.
Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.
Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.
Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.
According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.
How prepared are we?
Attacks
The risks – where's the upside?
Regulatory Focus Areas and Industry Activities
A Perfect Storm brewing
Questions we need to ask related to Cyber Risk
Case study
Key questions to be addressed
Cyber Risk Maturity Framework
Know where you are
What is at stake
Potential impacts and possible implications for the board include:
• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
• Legal expenses, including damages for data privacy breaches, compensation for delays, regulatory fines and the cost associated with defense
• Property losses of stock or information, leading to delays or failure to deliver
• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels
Continue to connect the dots with metrics
It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).
Considerations would include:
• Which KPIs are on your cyber risk dashboard?
• Is your organisation achieving the cyber risk targets it has formulated?
• How do the KPIs for cyber risks relate to those of your peers?
Conclusions
We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.
Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.
Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.
Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.
SHARING 2017 Predictions
Q & As
T: +603 – 2381 1900  F: +603 – 7611 0707
e-mail: ramesh@fridayconcepts.com
www.insterp.com
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Fellow of the Institute of Chartered Accountants in England and Wales (ICAEW) as well as the Malaysian Institute of Accountants (MIA)
a Certified Risk Professional (CRP) a certified Enterprise Risk Manager (ERM) a certified Islamic Enterprise Risk Manager (ERMi) a
Qualified Risk Director (QRD) and a Qualified Risk Auditor (QRA) Ramesh was also a Regional Director for the Global Association of
Risk Professionals (GARP) and was instrumental in the creation of the Malaysian chapter of the Professional Risk Managers International
Association (PRMIA) He is an Islamic and Conventional Risk Management resource for the Qatar Investment Authority and is listed in their
Q-Finance Directory Ramesh was a former Risk Management mentor on the ICEAWrsquos Regional F-TEN program and is a member of the
Advisory Board and also on the Panel of Experts of the GlobalRisk Community Ramesh has also been named a Paul Harris Fellow of the
Rotary Foundation of Rotary International in appreciation of tangible and significant assistance given for the furtherance of better
understanding and friendly relations among peoples of the world
With over 30 years of Risk Management experience he is also a recognised Global pioneer in Enterprise Risk Management and in the
implementation of ISO 31000 ISO 31004 and 31010 practices Ramesh started his career with Price Waterhousersquos Financial Institutions
specialism in London gaining experience in Audit Consultancy and Corporate Finance assignments Succeeding the seven years there he
went on to become the Director of Finance and Administration at Picker International Ltd in London In 1994 he spent a year as the Chief
Financial Officer of Rank Video Services (Europe) Limited before accepting a more challenging job experience through an international
assignment Ramesh was handling the responsibilities of a few roles and travelling between Singapore Malaysia and Indonesia as the Acting
Regional Financial Controller cum Senior Regional Financial Analyst as well as the Indonesian Financial Controller as well as Deputy
Country Head for PowerGen International a FTSE 100 (London) listed company in the power and energy industry
Upon leaving PowerGen he headed the Portfolio Management and Credit Administration functions in Citibank before accepting a position in
a National Asset Management Company as the General Manager of the Risk Management Division There Ramesh was responsible for
establishing the Enterprise Risk Management function and Risk Management Policy as well as formulating and documenting the various
procedures and policies relating to the Operations of the National Asset Management Company During his tenure there Ramesh spent a year
on secondment to helliphelliphelliphelliphelliphelliphellip(continued on next page)
Ramesh Pillai ndash Chairman Board of Governors Institute of Enterprise Risk Practitioners
Ramesh Pillai is the Chairman of the Board of Governors of the International Institute of Enterprise Risk Practitioners(IERP) as well as being the Group Managing Director of Friday Concepts an International ERM (Conventional andIslamic) BCM Governance Risk Management and Compliance boutique consultancy He is currently a Director ofthree leading Financial Institutions and a former Director of one Developmental Financial Institution His Boardexperience encompasses chairing the Board Risk Management Committee and Board Audit Committee and being amember of the Board Collaboration Committee Investment Committee and Remuneration Committee He is also anominee Director for a Regional Central Bank Additionally Ramesh is the former Risk Management Adviser to thePublic Trustee and one of the largest fund managers in the Region as well as to one of the largest Islamic fund managersin the Region Ramesh holds a Bachelor of Economics with Accountancy (Honours) degree from LoughboroughUniversity in the UK As part of his degree course Ramesh specialised in Economics and Banking in general andIslamic Banking in particular
2
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
the Central Bank where he was involved in heading a national interest project working closely with the Central Bankrsquos staff in general and
the Bank Regulations Bank Supervision and Islamic Banking teams in particular He was also involved in presentations to the National
Syariah Advisory Council in an advisory capacity
Following his assignment at the Central Bank Ramesh moved back into the Banking sector where he was the Chief Risk Officer for
regional Conventional and International Islamic Banks His responsibilities included guiding and coordinating the grouprsquos Operational and
Enterprise Risk Management initiatives
Ramesh is also a member of the MBA (Enterprise Risk Management) Studies Committee in a leading Private University He has published
articles in international publications presented various papers on Risk Management in general and Enterprise Risk Management in
particular Corporate Governance and Bank restructuring issues at National Regional and International forums and is currently writing a
book on Enterprise Risk Management
Ramesh Pillai ndash Chairman Board of Governors Institute of Enterprise Risk Practitionershelliphellipcontrsquod
3
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
About the Institute of Enterprise Risk
Practitioners (IERPreg)In todayrsquos increasingly digitalised and highly inter-connected and competitive business worlddisruption and turmoil has become the new norm Boards and business professionals areconstantly looking out for that extra edge to provide and ensure organisational sustainabilityresilience and agility ndash the cornerstone and end-game of Enterprise Risk Management (ERM)
Recognising this critical need for sound ERM knowledge and good ERM practices across allorganisational layers and business sectors THE INSTITUTE OF ENTERPRISE RISKPRACTITIONERS (IERPreg) was established by dedicated and highly experienced BoardDirectors and industry practitioners to holistically address these shortfalls and to make theseskills accessible globally
The IERPregrsquos pioneering innovative and global industry-leading training and certificationprograms are designed for all levels of stakeholders in any organisation who in one way or otherdeal or struggle with Governance Risk and Compliance (GRC) issues in their daily operationsandor decision-making All of the IERPregrsquos programs incorporate practical learningmethodologies and promote international ERM standards and practices in a practical andcommercial context as well as to highlight ERMrsquos linkage to strategy performance ethicsBusiness Continuity and good corporate governance
Membership of the IERPreg and participation on the IERPregrsquos programs is critical for VisionaryBoards business leaders and business professionals who are looking for something that will setthem apart from the crowd and launch them on a trajectory to strategic excellence 4
The IERP®’s Certification Framework
[Figure: certification framework diagram with the labels RISK ASSURANCE, RISK OVERSIGHT, RISK DRIVERS, RISK CHAMPIONS, RISK LEADERS and BCM (BUSINESS CONTINUITY MANAGEMENT)]
Selection of the Participants of the IERP® Program
Corporate Profile of Friday Concepts
Friday Concepts, the consulting arm of the IERP®, specialises in ERM, Governance, BCM and Islamic ERM
Sample of services provided
Enterprise Risk Management
Enterprise Governance
Business Continuity Management
Investment Risk Management
Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of Islamic Banks and Takaful Companies)
Financial Risk Management (including Credit, Operational and Market Risk)
ERM and Strategy support to Boards and Senior Management teams
Strategy Consulting
Training
Offices in Kuala Lumpur, Singapore and Jakarta, United States and Oman
Experienced in Public and Private sector organisations
Consultants are Risk Management practitioners with International experience across a wide range of industries including
State and other Development Agencies
Manufacturing
Financial Services
Property Development Management
Healthcare Services
Shipping
Entertainment
Oil & Gas
Government/Regulators
Plantations
Practical approach to assignments and problem solving
Selection of clients our Consultants have been associated with
FRIDAY’s Interpretation of Sustainability
Think broadly about Value
A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability
Think broadly about issues and impacts
Engage and partner with stakeholders
Make connections & integrate sustainability within and across our business
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations Marketing Procurement R&D
…
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
…
Evolution from good to best practice …
Necessary for Commercial Resilience …
Requirements for embedding sustainability …
Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation
Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions
Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices
“… it’s not about managing issues. Rather, it’s about being equipped to succeed in a more complex setting …”
Value Preservation to Value Creation
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.
Operating Risk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
Future White Space
• Target Models, Lifetime Value Models
• Churn Models, Discount Engine Models
• Upsell Models, Sales Territory Models
• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars
• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee
• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships
• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.
The Rewards and Risks of Information Technology
Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.
The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.
Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.
Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.
Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.
CYBERSECURITY
PERSONAL
Heightened concern
For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.
Publicity surrounding China’s growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.
With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company’s initiatives.
Introduction
The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.
Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.
Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.
Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.
Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.
According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.
How prepared are we?
Attacks
The risks – where’s the upside?
Regulatory Focus Areas and Industry Activities
A Perfect Storm brewing
Questions we need to ask related to Cyber Risk
Case study
Key questions to be addressed
Cyber Risk Maturity Framework
Know where you are
What is at stake
Potential impacts and possible implications for the board include:
Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
Legal expenses, including damages for data privacy breaches, compensation for delays, regulatory fines and the cost associated with defense
Property losses of stock or information, leading to delays or failure to deliver
Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation’s business to its previous levels
Continue to connect the dots with metrics
It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).
Considerations would include:
Which KPIs are on your cyber risk dashboard?
Is your organisation achieving the cyber risk targets it has formulated?
How do the KPIs for cyber risks relate to those of your peers?
Conclusions
We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business, and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.
Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.
Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.
Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.
SHARING 2017 Predictions
Q & As
T +603 – 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom
the Central Bank, where he was involved in heading a national interest project, working closely with the Central Bank’s staff in general and the Bank Regulations, Bank Supervision and Islamic Banking teams in particular. He was also involved in presentations to the National Syariah Advisory Council in an advisory capacity.
Following his assignment at the Central Bank, Ramesh moved back into the Banking sector, where he was the Chief Risk Officer for regional Conventional and International Islamic Banks. His responsibilities included guiding and coordinating the group’s Operational and Enterprise Risk Management initiatives.
Ramesh is also a member of the MBA (Enterprise Risk Management) Studies Committee in a leading Private University. He has published articles in international publications, presented various papers on Risk Management in general and Enterprise Risk Management in particular, Corporate Governance and Bank restructuring issues at National, Regional and International forums, and is currently writing a book on Enterprise Risk Management.
Ramesh Pillai – Chairman, Board of Governors, Institute of Enterprise Risk Practitioners ……cont’d
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
About the Institute of Enterprise Risk
Practitioners (IERPreg)In todayrsquos increasingly digitalised and highly inter-connected and competitive business worlddisruption and turmoil has become the new norm Boards and business professionals areconstantly looking out for that extra edge to provide and ensure organisational sustainabilityresilience and agility ndash the cornerstone and end-game of Enterprise Risk Management (ERM)
Recognising this critical need for sound ERM knowledge and good ERM practices across allorganisational layers and business sectors THE INSTITUTE OF ENTERPRISE RISKPRACTITIONERS (IERPreg) was established by dedicated and highly experienced BoardDirectors and industry practitioners to holistically address these shortfalls and to make theseskills accessible globally
The IERPregrsquos pioneering innovative and global industry-leading training and certificationprograms are designed for all levels of stakeholders in any organisation who in one way or otherdeal or struggle with Governance Risk and Compliance (GRC) issues in their daily operationsandor decision-making All of the IERPregrsquos programs incorporate practical learningmethodologies and promote international ERM standards and practices in a practical andcommercial context as well as to highlight ERMrsquos linkage to strategy performance ethicsBusiness Continuity and good corporate governance
Membership of the IERPreg and participation on the IERPregrsquos programs is critical for VisionaryBoards business leaders and business professionals who are looking for something that will setthem apart from the crowd and launch them on a trajectory to strategic excellence 4
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
RIS
KA
SSU
RA
NC
E
RISKOVERSIGHT
RISK DRIVERS
RISKCHAMPIONS
The IERPregrsquos Certification Framework
RISK LEADERS
BCM
BUSINESS CONTINUITY MANAGEMENT
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Selection of the Participants of the IERPreg Program
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Corporate Profile of Friday Concepts Friday Concepts the consulting arm of the IERPreg specialises in ERM Governance BCM
and Islamic ERM
Sample of services provided
Enterprise Risk Management
Enterprise Governance
Business Continuity Management
Investment Risk Management
Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of
Islamic Banks and Takaful Companies)
Financial Risk Management (including Credit Operational and Market Risk)
ERM and Strategy support to Boards and Senior Management teams
Strategy Consulting
Training
Offices in Kuala Lumpur Singapore and Jakarta United States and Oman
Experienced in Public and Private sector organisations
Consultants are Risk Management practitioners with International experience across a wide
range of industries including
State and other Development Agencies Manufacturing
Financial Services Property Development Management
Healthcare Services Shipping
Entertainment Oil amp Gas
GovernmentRegulators Plantations
Practical approach to assignments and problem solving 7
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Selection of clients our Consultants have been associated with
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
Think
broadly
about
Value
A pro-active approach to ensure the long-term viability resilience and integrity of thebusiness by optimizing resource needs reducing environmental energy or socialimpacts and managing resources while not compromising profitability
Think broadly about issues and impacts
Engage and partner with stakeholders
Make connections amp integrate sustainability within and across our business
9
rsquos Interpretation of
SustainabilityFRIDAY
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations MarketingProcurement RampD
hellip
hellip
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
hellip
Evolution from good to best practice hellip
Necessary for Commercial Resiliencehellip
Deve
lopin
g
Peo
ple
Evo
lvin
g
Busi
ness
S
yst
em
s
Enhan
cin
g
Sta
keho
lder
Cap
abil
itie
s
Req
uir
em
en
ts fo
r em
bed
din
g s
ust
ain
ab
ilit
y hellip
Developing Peoplebull Recruitment and retention
strategies bull Leadership and individual
developmentbull Trainingbull Competencies based on
sustainabilitybull Annual objectivesbull Compensation
Evolving Business Systems amp Valuation
Approachbull 5 year plan bull Annual planbull Capital Allocationbull Quarterly Business
Performance Reviewbull Intangible value
determined and included in business decisions
Enhancing Stakeholder Capabilities
bull Company-wide guidance
bull Indigenous Policybull Human Rights aspects
integrated in current practices
ldquohellip itrsquos not about managing issues Rather itrsquos about being
equipped to succeed in a more complex setting helliprdquo
10
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value
OperatingRisk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
FutureWhite Space
bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models
bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars
bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee
bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships
bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value
Value Preservation to Value Creation
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The Rewards and Risks of
Information Technology Virtually every essential business function performed today uses information
technology making IT both a key business enabler and a critical business risk
The task of balancing business and employee demands for greater connectivity and
access to information with the security concerns that may arise from granting those
requests is complex and challenging
Each device or software application used can help facilitate new business
opportunities but those technologies also have the potential to be used to infiltrate or
harm the business
Balancing the rewards and risks associated with the use of smart phones and other
mobile devices by employees andor board members is just one example of the
growing challenges that Boards and corporate cybersecurity professionals face
Mobile devices facilitate working remotely but the microphones and cameras in those
devices that enable business functionality can also be activated remotely to record and
monitor communications in real time creating a potential risk that important financial
and strategic data could be compromised 12CYBERSECURITY
PERSONAL
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Heightened concern
For many companies 2013 marked the year that responsibility for oversight of
cybersecurity moved from the IT department to the boardroom
Publicity surrounding Chinarsquos growing cyber army massive theft of information
by trusted insiders like Edward Snowden and large data breaches such as the
one experienced by Target Corporation in December 2013 all helped to elevate
cyber risk to the forefront for business executives
With so much at stake for a business - financial loss operational disruption
competitive disadvantage legal liability and harm to corporate reputation - the
question for corporate directors and officers is not whether to become involved
in cyber risk management but how to appropriately oversee their companyrsquos
initiatives
13
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Introduction The costs of a cyber attack can be significant To protect finances liability reputation
and future growth corporate boards must ensure that their companies have appropriate
processes in place to manage cyber risk in the context of their business
Cyber attacks and data leakage are daily threats to organisations globally reminding us
that we are all potential targets of this type of threat
Lawyers are discussing the potential risk of individual liability for corporate directors
who do not take appropriate responsibility for oversight of cybersecurity
Investors and regulators are increasingly challenging boards to step up their oversight of
cybersecurity and calling for greater transparency around major breaches and the impact
they have on the business
Given this environment it is not surprising that cyber risk is now near the top of board
and audit committee agendas
According to a KPMG Global Audit Committee Survey nearly 45 percent of audit
committees in the United States have primary oversight responsibility for cybersecurity
risk yet only 25 percent say that the quality of the information they receive about
cybersecurity is good 14
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
15
How prepared are we
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Attacks
16
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The risks ndash wherersquos the upside
17
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stake
Potential impacts and possible implications for the board include:
• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
• Legal expenses, including damages for data privacy breaches/compensation for delays, regulatory fines and the cost associated with defense
• Property losses of stock or information, leading to delays or failure to deliver
• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels
Continue to connect the dots with metrics
It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).
Considerations would include:
• Which KPIs are on your cyber risk dashboard?
• Is your organisation achieving the cyber risk targets it has formulated?
• How do the KPIs for cyber risks relate to those of your peers?
Conclusions
We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business, and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.
Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.
Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.
Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.
SHARING 2017 Predictions
Q&As
T +603 – 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom
About the Institute of Enterprise Risk Practitioners (IERP®)
In today's increasingly digitalised and highly inter-connected and competitive business world, disruption and turmoil has become the new norm. Boards and business professionals are constantly looking out for that extra edge to provide and ensure organisational sustainability, resilience and agility – the cornerstone and end-game of Enterprise Risk Management (ERM).
Recognising this critical need for sound ERM knowledge and good ERM practices across all organisational layers and business sectors, THE INSTITUTE OF ENTERPRISE RISK PRACTITIONERS (IERP®) was established by dedicated and highly experienced Board Directors and industry practitioners to holistically address these shortfalls and to make these skills accessible globally.
The IERP®'s pioneering, innovative and global industry-leading training and certification programs are designed for all levels of stakeholders in any organisation who in one way or other deal or struggle with Governance, Risk and Compliance (GRC) issues in their daily operations and/or decision-making. All of the IERP®'s programs incorporate practical learning methodologies and promote international ERM standards and practices in a practical and commercial context, as well as to highlight ERM's linkage to strategy, performance, ethics, Business Continuity and good corporate governance.
Membership of the IERP® and participation on the IERP®'s programs is critical for Visionary Boards, business leaders and business professionals who are looking for something that will set them apart from the crowd and launch them on a trajectory to strategic excellence.
The IERP®'s Certification Framework
[Diagram labels: Risk Assurance, Risk Oversight, Risk Drivers, Risk Champions, Risk Leaders, BCM (Business Continuity Management)]
Selection of the Participants of the IERP® Program
Corporate Profile of Friday Concepts
Friday Concepts, the consulting arm of the IERP®, specialises in ERM, Governance, BCM and Islamic ERM.
Sample of services provided:
• Enterprise Risk Management
• Enterprise Governance
• Business Continuity Management
• Investment Risk Management
• Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of Islamic Banks and Takaful Companies)
• Financial Risk Management (including Credit, Operational and Market Risk)
• ERM and Strategy support to Boards and Senior Management teams
• Strategy Consulting
• Training
Offices in Kuala Lumpur, Singapore and Jakarta, United States and Oman
Experienced in Public and Private sector organisations
Consultants are Risk Management practitioners with International experience across a wide range of industries, including:
• State and other Development Agencies
• Manufacturing
• Financial Services
• Property Development Management
• Healthcare Services
• Shipping
• Entertainment
• Oil & Gas
• Government/Regulators
• Plantations
Practical approach to assignments and problem solving
Selection of clients our Consultants have been associated with
FRIDAY's Interpretation of Sustainability
A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability.
Think broadly about Value
Think broadly about issues and impacts
Engage and partner with stakeholders
Make connections & integrate sustainability within and across our business
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations Marketing Procurement R&D
…
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
…
Evolution from good to best practice …
Necessary for Commercial Resilience …
Requirements for embedding sustainability … (Developing People, Evolving Business Systems, Enhancing Stakeholder Capabilities)
Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation
Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions
Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices
“… it's not about managing issues. Rather, it's about being equipped to succeed in a more complex setting …”
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.
Operating Risk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
Future/White Space
• Target Models, Lifetime Value Models • Churn Models, Discount Engine Models • Upsell Models, Sales Territory Models
• Public Relations & Marketing Initiatives • Industry Coalitions • Client/CPA Webinars
• EDI Program • RCX Stale Date Fees • Taxpay Premium Processing Fee
• Federal Deposit Frequency Program • Client Penalty Abatement Service • IRS/Paychex Partnerships
• $100M Revenue Over Past 5 Years • EGTRRA Restatement • PBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.
Value Preservation to Value Creation
The Rewards and Risks of Information Technology
Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.
The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.
Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.
Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.
Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.
CYBERSECURITY
PERSONAL
Heightened concern
For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.
Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.
With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company's initiatives.
Introduction
The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.
Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.
Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.
Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.
Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.
According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.
How prepared are we
Attacks
The risks – where's the upside
Regulatory Focus Areas and Industry Activities
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Continue to connect the dots with
metrics
24
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs)
Considerations would include
Which KPIs are on your cyber risk dashboard
Is your organisation achieving the cyber risk targets it has formulated
How do the KPIs for cyber risks relate to those of your peers
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Conclusions
We believe the process for closing that gap should not be a mystery Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach
Since many global organisations have been victims of cyber crime over recent years
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity
Investors governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks
25
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
RIS
KA
SSU
RA
NC
E
RISKOVERSIGHT
RISK DRIVERS
RISKCHAMPIONS
The IERPregrsquos Certification Framework
RISK LEADERS
BCM
BUSINESS CONTINUITY MANAGEMENT
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Selection of the Participants of the IERPreg Program
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Corporate Profile of Friday Concepts Friday Concepts the consulting arm of the IERPreg specialises in ERM Governance BCM
and Islamic ERM
Sample of services provided
Enterprise Risk Management
Enterprise Governance
Business Continuity Management
Investment Risk Management
Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of
Islamic Banks and Takaful Companies)
Financial Risk Management (including Credit Operational and Market Risk)
ERM and Strategy support to Boards and Senior Management teams
Strategy Consulting
Training
Offices in Kuala Lumpur Singapore and Jakarta United States and Oman
Experienced in Public and Private sector organisations
Consultants are Risk Management practitioners with International experience across a wide
range of industries including
State and other Development Agencies Manufacturing
Financial Services Property Development Management
Healthcare Services Shipping
Entertainment Oil amp Gas
GovernmentRegulators Plantations
Practical approach to assignments and problem solving 7
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Selection of clients our Consultants have been associated with
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
Think
broadly
about
Value
A pro-active approach to ensure the long-term viability resilience and integrity of thebusiness by optimizing resource needs reducing environmental energy or socialimpacts and managing resources while not compromising profitability
Think broadly about issues and impacts
Engage and partner with stakeholders
Make connections amp integrate sustainability within and across our business
9
rsquos Interpretation of
SustainabilityFRIDAY
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations MarketingProcurement RampD
hellip
hellip
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
hellip
Evolution from good to best practice hellip
Necessary for Commercial Resiliencehellip
Deve
lopin
g
Peo
ple
Evo
lvin
g
Busi
ness
S
yst
em
s
Enhan
cin
g
Sta
keho
lder
Cap
abil
itie
s
Req
uir
em
en
ts fo
r em
bed
din
g s
ust
ain
ab
ilit
y hellip
Developing Peoplebull Recruitment and retention
strategies bull Leadership and individual
developmentbull Trainingbull Competencies based on
sustainabilitybull Annual objectivesbull Compensation
Evolving Business Systems amp Valuation
Approachbull 5 year plan bull Annual planbull Capital Allocationbull Quarterly Business
Performance Reviewbull Intangible value
determined and included in business decisions
Enhancing Stakeholder Capabilities
bull Company-wide guidance
bull Indigenous Policybull Human Rights aspects
integrated in current practices
ldquohellip itrsquos not about managing issues Rather itrsquos about being
equipped to succeed in a more complex setting helliprdquo
10
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value
OperatingRisk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
FutureWhite Space
bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models
bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars
bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee
bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships
bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value
Value Preservation to Value Creation
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The Rewards and Risks of
Information Technology Virtually every essential business function performed today uses information
technology making IT both a key business enabler and a critical business risk
The task of balancing business and employee demands for greater connectivity and
access to information with the security concerns that may arise from granting those
requests is complex and challenging
Each device or software application used can help facilitate new business
opportunities but those technologies also have the potential to be used to infiltrate or
harm the business
Balancing the rewards and risks associated with the use of smart phones and other
mobile devices by employees andor board members is just one example of the
growing challenges that Boards and corporate cybersecurity professionals face
Mobile devices facilitate working remotely but the microphones and cameras in those
devices that enable business functionality can also be activated remotely to record and
monitor communications in real time creating a potential risk that important financial
and strategic data could be compromised 12CYBERSECURITY
PERSONAL
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Heightened concern
For many companies 2013 marked the year that responsibility for oversight of
cybersecurity moved from the IT department to the boardroom
Publicity surrounding Chinarsquos growing cyber army massive theft of information
by trusted insiders like Edward Snowden and large data breaches such as the
one experienced by Target Corporation in December 2013 all helped to elevate
cyber risk to the forefront for business executives
With so much at stake for a business - financial loss operational disruption
competitive disadvantage legal liability and harm to corporate reputation - the
question for corporate directors and officers is not whether to become involved
in cyber risk management but how to appropriately oversee their companyrsquos
initiatives
13
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Introduction The costs of a cyber attack can be significant To protect finances liability reputation
and future growth corporate boards must ensure that their companies have appropriate
processes in place to manage cyber risk in the context of their business
Cyber attacks and data leakage are daily threats to organisations globally reminding us
that we are all potential targets of this type of threat
Lawyers are discussing the potential risk of individual liability for corporate directors
who do not take appropriate responsibility for oversight of cybersecurity
Investors and regulators are increasingly challenging boards to step up their oversight of
cybersecurity and calling for greater transparency around major breaches and the impact
they have on the business
Given this environment it is not surprising that cyber risk is now near the top of board
and audit committee agendas
According to a KPMG Global Audit Committee Survey nearly 45 percent of audit
committees in the United States have primary oversight responsibility for cybersecurity
risk yet only 25 percent say that the quality of the information they receive about
cybersecurity is good.
How prepared are we?
Attacks
The risks – where's the upside?
Regulatory Focus Areas and Industry Activities
A Perfect Storm brewing
Questions we need to ask related to Cyber Risk
Case study
Key questions to be addressed
Cyber Risk Maturity Framework
Know where you are
What is at stake
Potential impacts and possible implications for the board include:
• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
• Legal expenses, including damages for data privacy breaches/compensation for delays, regulatory fines and the cost associated with defense
• Property losses of stock or information, leading to delays or failure to deliver
• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels
Continue to connect the dots with metrics
It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).
Considerations would include:
• Which KPIs are on your cyber risk dashboard?
• Is your organisation achieving the cyber risk targets it has formulated?
• How do the KPIs for cyber risks relate to those of your peers?
Conclusions
We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.
Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.
Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.
Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.
SHARING 2017 Predictions
Q & As
T +603 – 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom
Selection of the Participants of the IERP® Program
Corporate Profile of Friday Concepts
Friday Concepts, the consulting arm of the IERP®, specialises in ERM, Governance, BCM and Islamic ERM
Sample of services provided:
• Enterprise Risk Management
• Enterprise Governance
• Business Continuity Management
• Investment Risk Management
• Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of Islamic Banks and Takaful Companies)
• Financial Risk Management (including Credit, Operational and Market Risk)
• ERM and Strategy support to Boards and Senior Management teams
• Strategy Consulting
• Training
Offices in Kuala Lumpur, Singapore and Jakarta, United States and Oman
Experienced in Public and Private sector organisations
Consultants are Risk Management practitioners with International experience across a wide range of industries including:
• State and other Development Agencies
• Manufacturing
• Financial Services
• Property Development Management
• Healthcare Services
• Shipping
• Entertainment
• Oil & Gas
• Government/Regulators
• Plantations
Practical approach to assignments and problem solving
Selection of clients our Consultants have been associated with
FRIDAY's Interpretation of Sustainability
Think broadly about Value
A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability
• Think broadly about issues and impacts
• Engage and partner with stakeholders
• Make connections & integrate sustainability within and across our business
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations Marketing Procurement R&D
…
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
…
Evolution from good to best practice …
Necessary for Commercial Resilience …
Requirements for embedding sustainability …
Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation
Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions
Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices
"… it's not about managing issues. Rather, it's about being equipped to succeed in a more complex setting …"
Value Preservation to Value Creation
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.
Operating Risk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
Future White Space
• Target Models, Lifetime Value Models
• Churn Models, Discount Engine Models
• Upsell Models, Sales Territory Models
• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars
• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee
• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships
• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.
The Rewards and Risks of Information Technology
Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.
The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.
Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.
Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.
Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.
CYBERSECURITY
PERSONAL
Heightened concern
For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.
Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.
With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company's initiatives.
Introduction
The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.
Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.
Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.
Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.
Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.
According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.
Corporate Profile of Friday Concepts Friday Concepts the consulting arm of the IERPreg specialises in ERM Governance BCM
and Islamic ERM
Sample of services provided
Enterprise Risk Management
Enterprise Governance
Business Continuity Management
Investment Risk Management
Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of
Islamic Banks and Takaful Companies)
Financial Risk Management (including Credit Operational and Market Risk)
ERM and Strategy support to Boards and Senior Management teams
Strategy Consulting
Training
Offices in Kuala Lumpur Singapore and Jakarta United States and Oman
Experienced in Public and Private sector organisations
Consultants are Risk Management practitioners with International experience across a wide
range of industries including
State and other Development Agencies Manufacturing
Financial Services Property Development Management
Healthcare Services Shipping
Entertainment Oil amp Gas
GovernmentRegulators Plantations
Practical approach to assignments and problem solving 7
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Selection of clients our Consultants have been associated with
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
Think
broadly
about
Value
A pro-active approach to ensure the long-term viability resilience and integrity of thebusiness by optimizing resource needs reducing environmental energy or socialimpacts and managing resources while not compromising profitability
Think broadly about issues and impacts
Engage and partner with stakeholders
Make connections amp integrate sustainability within and across our business
9
rsquos Interpretation of
SustainabilityFRIDAY
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations MarketingProcurement RampD
hellip
hellip
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
hellip
Evolution from good to best practice hellip
Necessary for Commercial Resiliencehellip
Deve
lopin
g
Peo
ple
Evo
lvin
g
Busi
ness
S
yst
em
s
Enhan
cin
g
Sta
keho
lder
Cap
abil
itie
s
Req
uir
em
en
ts fo
r em
bed
din
g s
ust
ain
ab
ilit
y hellip
Developing Peoplebull Recruitment and retention
strategies bull Leadership and individual
developmentbull Trainingbull Competencies based on
sustainabilitybull Annual objectivesbull Compensation
Evolving Business Systems amp Valuation
Approachbull 5 year plan bull Annual planbull Capital Allocationbull Quarterly Business
Performance Reviewbull Intangible value
determined and included in business decisions
Enhancing Stakeholder Capabilities
bull Company-wide guidance
bull Indigenous Policybull Human Rights aspects
integrated in current practices
ldquohellip itrsquos not about managing issues Rather itrsquos about being
equipped to succeed in a more complex setting helliprdquo
10
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value
OperatingRisk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
FutureWhite Space
bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models
bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars
bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee
bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships
bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value
Value Preservation to Value Creation
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The Rewards and Risks of
Information Technology Virtually every essential business function performed today uses information
technology making IT both a key business enabler and a critical business risk
The task of balancing business and employee demands for greater connectivity and
access to information with the security concerns that may arise from granting those
requests is complex and challenging
Each device or software application used can help facilitate new business
opportunities but those technologies also have the potential to be used to infiltrate or
harm the business
Balancing the rewards and risks associated with the use of smart phones and other
mobile devices by employees andor board members is just one example of the
growing challenges that Boards and corporate cybersecurity professionals face
Mobile devices facilitate working remotely but the microphones and cameras in those
devices that enable business functionality can also be activated remotely to record and
monitor communications in real time creating a potential risk that important financial
and strategic data could be compromised 12CYBERSECURITY
PERSONAL
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Heightened concern
For many companies 2013 marked the year that responsibility for oversight of
cybersecurity moved from the IT department to the boardroom
Publicity surrounding Chinarsquos growing cyber army massive theft of information
by trusted insiders like Edward Snowden and large data breaches such as the
one experienced by Target Corporation in December 2013 all helped to elevate
cyber risk to the forefront for business executives
With so much at stake for a business - financial loss operational disruption
competitive disadvantage legal liability and harm to corporate reputation - the
question for corporate directors and officers is not whether to become involved
in cyber risk management but how to appropriately oversee their companyrsquos
initiatives
13
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Introduction The costs of a cyber attack can be significant To protect finances liability reputation
and future growth corporate boards must ensure that their companies have appropriate
processes in place to manage cyber risk in the context of their business
Cyber attacks and data leakage are daily threats to organisations globally reminding us
that we are all potential targets of this type of threat
Lawyers are discussing the potential risk of individual liability for corporate directors
who do not take appropriate responsibility for oversight of cybersecurity
Investors and regulators are increasingly challenging boards to step up their oversight of
cybersecurity and calling for greater transparency around major breaches and the impact
they have on the business
Given this environment it is not surprising that cyber risk is now near the top of board
and audit committee agendas
According to a KPMG Global Audit Committee Survey nearly 45 percent of audit
committees in the United States have primary oversight responsibility for cybersecurity
risk yet only 25 percent say that the quality of the information they receive about
cybersecurity is good 14
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
15
How prepared are we
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Attacks
16
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The risks ndash wherersquos the upside
17
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
Continue to connect the dots with metrics
It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).
Considerations would include:
• Which KPIs are on your cyber risk dashboard?
• Is your organisation achieving the cyber risk targets it has formulated?
• How do the KPIs for cyber risks relate to those of your peers?
Conclusions
We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.
Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.
Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.
Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.
SHARING 2017 Predictions
Q&As
T +603 – 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom
Selection of clients our Consultants have been associated with
FRIDAY's Interpretation of Sustainability
Think broadly about Value
A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability
• Think broadly about issues and impacts
• Engage and partner with stakeholders
• Make connections & integrate sustainability within and across our business
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations Marketing Procurement R&D
…
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
…
Evolution from good to best practice …
Necessary for Commercial Resilience …
Requirements for embedding sustainability …
Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation
Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions
Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices
"… it's not about managing issues. Rather, it's about being equipped to succeed in a more complex setting …"
Value Preservation to Value Creation
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.
Operating Risk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
Future/White Space
• Target Models, Lifetime Value Models
• Churn Models, Discount Engine Models
• Upsell Models, Sales Territory Models
• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars
• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee
• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships
• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.
The Rewards and Risks of Information Technology
Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.
The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.
Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.
Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.
Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.
CYBERSECURITY
PERSONAL
Heightened concern
For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.
Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.
With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company's initiatives.
Introduction
The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.
Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.
Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.
Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.
Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.
According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.
How prepared are we
Attacks
The risks – where's the upside?
Regulatory Focus Areas and
Industry Activities
A Perfect Storm brewing
Questions we need to ask related to
Cyber Risk
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Continue to connect the dots with
metrics
24
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs)
Considerations would include
Which KPIs are on your cyber risk dashboard
Is your organisation achieving the cyber risk targets it has formulated
How do the KPIs for cyber risks relate to those of your peers
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Conclusions
We believe the process for closing that gap should not be a mystery Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach
Since many global organisations have been victims of cyber crime over recent years
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity
Investors governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks
25
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
Think
broadly
about
Value
A pro-active approach to ensure the long-term viability resilience and integrity of thebusiness by optimizing resource needs reducing environmental energy or socialimpacts and managing resources while not compromising profitability
Think broadly about issues and impacts
Engage and partner with stakeholders
Make connections amp integrate sustainability within and across our business
9
rsquos Interpretation of
SustainabilityFRIDAY
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations MarketingProcurement RampD
hellip
hellip
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
hellip
Evolution from good to best practice hellip
Necessary for Commercial Resiliencehellip
Deve
lopin
g
Peo
ple
Evo
lvin
g
Busi
ness
S
yst
em
s
Enhan
cin
g
Sta
keho
lder
Cap
abil
itie
s
Req
uir
em
en
ts fo
r em
bed
din
g s
ust
ain
ab
ilit
y hellip
Developing Peoplebull Recruitment and retention
strategies bull Leadership and individual
developmentbull Trainingbull Competencies based on
sustainabilitybull Annual objectivesbull Compensation
Evolving Business Systems amp Valuation
Approachbull 5 year plan bull Annual planbull Capital Allocationbull Quarterly Business
Performance Reviewbull Intangible value
determined and included in business decisions
Enhancing Stakeholder Capabilities
bull Company-wide guidance
bull Indigenous Policybull Human Rights aspects
integrated in current practices
ldquohellip itrsquos not about managing issues Rather itrsquos about being
equipped to succeed in a more complex setting helliprdquo
10
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value
OperatingRisk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
FutureWhite Space
bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models
bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars
bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee
bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships
bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value
Value Preservation to Value Creation
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The Rewards and Risks of
Information Technology Virtually every essential business function performed today uses information
technology making IT both a key business enabler and a critical business risk
The task of balancing business and employee demands for greater connectivity and
access to information with the security concerns that may arise from granting those
requests is complex and challenging
Each device or software application used can help facilitate new business
opportunities but those technologies also have the potential to be used to infiltrate or
harm the business
Balancing the rewards and risks associated with the use of smart phones and other
mobile devices by employees andor board members is just one example of the
growing challenges that Boards and corporate cybersecurity professionals face
Mobile devices facilitate working remotely but the microphones and cameras in those
devices that enable business functionality can also be activated remotely to record and
monitor communications in real time creating a potential risk that important financial
and strategic data could be compromised 12CYBERSECURITY
PERSONAL
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Heightened concern
For many companies 2013 marked the year that responsibility for oversight of
cybersecurity moved from the IT department to the boardroom
Publicity surrounding Chinarsquos growing cyber army massive theft of information
by trusted insiders like Edward Snowden and large data breaches such as the
one experienced by Target Corporation in December 2013 all helped to elevate
cyber risk to the forefront for business executives
With so much at stake for a business - financial loss operational disruption
competitive disadvantage legal liability and harm to corporate reputation - the
question for corporate directors and officers is not whether to become involved
in cyber risk management but how to appropriately oversee their companyrsquos
initiatives
13
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Introduction The costs of a cyber attack can be significant To protect finances liability reputation
and future growth corporate boards must ensure that their companies have appropriate
processes in place to manage cyber risk in the context of their business
Cyber attacks and data leakage are daily threats to organisations globally reminding us
that we are all potential targets of this type of threat
Lawyers are discussing the potential risk of individual liability for corporate directors
who do not take appropriate responsibility for oversight of cybersecurity
Investors and regulators are increasingly challenging boards to step up their oversight of
cybersecurity and calling for greater transparency around major breaches and the impact
they have on the business
Given this environment it is not surprising that cyber risk is now near the top of board
and audit committee agendas
According to a KPMG Global Audit Committee Survey nearly 45 percent of audit
committees in the United States have primary oversight responsibility for cybersecurity
risk yet only 25 percent say that the quality of the information they receive about
cybersecurity is good 14
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
15
How prepared are we
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Attacks
16
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The risks ndash wherersquos the upside
17
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Continue to connect the dots with
metrics
24
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs)
Considerations would include
Which KPIs are on your cyber risk dashboard
Is your organisation achieving the cyber risk targets it has formulated
How do the KPIs for cyber risks relate to those of your peers
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Conclusions
We believe the process for closing that gap should not be a mystery Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach
Since many global organisations have been victims of cyber crime over recent years
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity
Investors governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks
25
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
Business and Sustainability
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations MarketingProcurement RampD
hellip
hellip
Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
hellip
Evolution from good to best practice hellip
Necessary for Commercial Resiliencehellip
Deve
lopin
g
Peo
ple
Evo
lvin
g
Busi
ness
S
yst
em
s
Enhan
cin
g
Sta
keho
lder
Cap
abil
itie
s
Req
uir
em
en
ts fo
r em
bed
din
g s
ust
ain
ab
ilit
y hellip
Developing Peoplebull Recruitment and retention
strategies bull Leadership and individual
developmentbull Trainingbull Competencies based on
sustainabilitybull Annual objectivesbull Compensation
Evolving Business Systems amp Valuation
Approachbull 5 year plan bull Annual planbull Capital Allocationbull Quarterly Business
Performance Reviewbull Intangible value
determined and included in business decisions
Enhancing Stakeholder Capabilities
bull Company-wide guidance
bull Indigenous Policybull Human Rights aspects
integrated in current practices
ldquohellip itrsquos not about managing issues Rather itrsquos about being
equipped to succeed in a more complex setting helliprdquo
10
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value
OperatingRisk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
FutureWhite Space
bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models
bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars
bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee
bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships
bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value
Value Preservation to Value Creation
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The Rewards and Risks of Information Technology
Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.
The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.
Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.
Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.
Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.
CYBERSECURITY
PERSONAL
Heightened concern
For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.
Publicity surrounding China’s growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.
With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company’s initiatives.
Introduction
The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.
Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.
Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.
Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.
Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.
According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.
How prepared are we?
Attacks
The risks – where’s the upside?
Regulatory Focus Areas and
Industry Activities
A Perfect Storm brewing
Questions we need to ask related to
Cyber Risk
Case study
Key questions to be addressed
Cyber Risk Maturity Framework
Know where you are
What is at stake
Potential impacts and possible implications for the board include:
• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
• Legal expenses, including damages for data privacy breaches, compensation for delays, regulatory fines and the cost associated with defense
• Property losses of stock or information, leading to delays or failure to deliver
• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation’s business to its previous levels
Continue to connect the dots with metrics
It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).
Considerations would include:
• Which KPIs are on your cyber risk dashboard?
• Is your organisation achieving the cyber risk targets it has formulated?
• How do the KPIs for cyber risks relate to those of your peers?
Conclusions
We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.
Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.
Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.
Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.
SHARING 2017 Predictions
Q & As
T +603 – 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom
FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited
The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value
OperatingRisk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
FutureWhite Space
bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models
bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars
bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee
bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships
bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees
Risk Management
A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value
Value Preservation to Value Creation
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The Rewards and Risks of
Information Technology Virtually every essential business function performed today uses information
technology making IT both a key business enabler and a critical business risk
The task of balancing business and employee demands for greater connectivity and
access to information with the security concerns that may arise from granting those
requests is complex and challenging
Each device or software application used can help facilitate new business
opportunities but those technologies also have the potential to be used to infiltrate or
harm the business
Balancing the rewards and risks associated with the use of smart phones and other
mobile devices by employees andor board members is just one example of the
growing challenges that Boards and corporate cybersecurity professionals face
Mobile devices facilitate working remotely but the microphones and cameras in those
devices that enable business functionality can also be activated remotely to record and
monitor communications in real time creating a potential risk that important financial
and strategic data could be compromised 12CYBERSECURITY
PERSONAL
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Heightened concern
For many companies 2013 marked the year that responsibility for oversight of
cybersecurity moved from the IT department to the boardroom
Publicity surrounding Chinarsquos growing cyber army massive theft of information
by trusted insiders like Edward Snowden and large data breaches such as the
one experienced by Target Corporation in December 2013 all helped to elevate
cyber risk to the forefront for business executives
With so much at stake for a business - financial loss operational disruption
competitive disadvantage legal liability and harm to corporate reputation - the
question for corporate directors and officers is not whether to become involved
in cyber risk management but how to appropriately oversee their companyrsquos
initiatives
13
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Introduction The costs of a cyber attack can be significant To protect finances liability reputation
and future growth corporate boards must ensure that their companies have appropriate
processes in place to manage cyber risk in the context of their business
Cyber attacks and data leakage are daily threats to organisations globally reminding us
that we are all potential targets of this type of threat
Lawyers are discussing the potential risk of individual liability for corporate directors
who do not take appropriate responsibility for oversight of cybersecurity
Investors and regulators are increasingly challenging boards to step up their oversight of
cybersecurity and calling for greater transparency around major breaches and the impact
they have on the business
Given this environment it is not surprising that cyber risk is now near the top of board
and audit committee agendas
According to a KPMG Global Audit Committee Survey nearly 45 percent of audit
committees in the United States have primary oversight responsibility for cybersecurity
risk yet only 25 percent say that the quality of the information they receive about
cybersecurity is good 14
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
15
How prepared are we
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Attacks
16
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The risks ndash wherersquos the upside
17
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Continue to connect the dots with
metrics
24
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs)
Considerations would include
Which KPIs are on your cyber risk dashboard
Is your organisation achieving the cyber risk targets it has formulated
How do the KPIs for cyber risks relate to those of your peers
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Conclusions
We believe the process for closing that gap should not be a mystery Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach
Since many global organisations have been victims of cyber crime over recent years
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity
Investors governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks
25
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The Rewards and Risks of
Information Technology Virtually every essential business function performed today uses information
technology making IT both a key business enabler and a critical business risk
The task of balancing business and employee demands for greater connectivity and
access to information with the security concerns that may arise from granting those
requests is complex and challenging
Each device or software application used can help facilitate new business
opportunities but those technologies also have the potential to be used to infiltrate or
harm the business
Balancing the rewards and risks associated with the use of smart phones and other
mobile devices by employees andor board members is just one example of the
growing challenges that Boards and corporate cybersecurity professionals face
Mobile devices facilitate working remotely but the microphones and cameras in those
devices that enable business functionality can also be activated remotely to record and
monitor communications in real time creating a potential risk that important financial
and strategic data could be compromised 12CYBERSECURITY
PERSONAL
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Heightened concern
For many companies 2013 marked the year that responsibility for oversight of
cybersecurity moved from the IT department to the boardroom
Publicity surrounding Chinarsquos growing cyber army massive theft of information
by trusted insiders like Edward Snowden and large data breaches such as the
one experienced by Target Corporation in December 2013 all helped to elevate
cyber risk to the forefront for business executives
With so much at stake for a business - financial loss operational disruption
competitive disadvantage legal liability and harm to corporate reputation - the
question for corporate directors and officers is not whether to become involved
in cyber risk management but how to appropriately oversee their companyrsquos
initiatives
13
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Introduction The costs of a cyber attack can be significant To protect finances liability reputation
and future growth corporate boards must ensure that their companies have appropriate
processes in place to manage cyber risk in the context of their business
Cyber attacks and data leakage are daily threats to organisations globally reminding us
that we are all potential targets of this type of threat
Lawyers are discussing the potential risk of individual liability for corporate directors
who do not take appropriate responsibility for oversight of cybersecurity
Investors and regulators are increasingly challenging boards to step up their oversight of
cybersecurity and calling for greater transparency around major breaches and the impact
they have on the business
Given this environment it is not surprising that cyber risk is now near the top of board
and audit committee agendas
According to a KPMG Global Audit Committee Survey nearly 45 percent of audit
committees in the United States have primary oversight responsibility for cybersecurity
risk yet only 25 percent say that the quality of the information they receive about
cybersecurity is good 14
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
15
How prepared are we
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Attacks
16
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The risks ndash wherersquos the upside
17
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Continue to connect the dots with
metrics
24
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs)
Considerations would include
Which KPIs are on your cyber risk dashboard
Is your organisation achieving the cyber risk targets it has formulated
How do the KPIs for cyber risks relate to those of your peers
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Conclusions
We believe the process for closing that gap should not be a mystery Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach
Since many global organisations have been victims of cyber crime over recent years
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity
Investors governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks
25
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Heightened concern
For many companies 2013 marked the year that responsibility for oversight of
cybersecurity moved from the IT department to the boardroom
Publicity surrounding Chinarsquos growing cyber army massive theft of information
by trusted insiders like Edward Snowden and large data breaches such as the
one experienced by Target Corporation in December 2013 all helped to elevate
cyber risk to the forefront for business executives
With so much at stake for a business - financial loss operational disruption
competitive disadvantage legal liability and harm to corporate reputation - the
question for corporate directors and officers is not whether to become involved
in cyber risk management but how to appropriately oversee their companyrsquos
initiatives
13
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Introduction
The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.
Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.
Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.
Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.
Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.
According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.
How prepared are we?
Attacks
The risks – where's the upside?
Regulatory Focus Areas and
Industry Activities
A Perfect Storm brewing
Questions we need to ask related to
Cyber Risk
Case study
Key questions to be addressed
Cyber Risk Maturity Framework
Know where you are
What is at stake
Potential impacts and possible implications for the board include:
Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
Legal expenses, including damages for data privacy breaches/compensation for delays, regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels
Continue to connect the dots with metrics
It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).
Considerations would include:
Which KPIs are on your cyber risk dashboard?
Is your organisation achieving the cyber risk targets it has formulated?
How do the KPIs for cyber risks relate to those of your peers?
Conclusions
We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.
Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.
Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.
Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Introduction The costs of a cyber attack can be significant To protect finances liability reputation
and future growth corporate boards must ensure that their companies have appropriate
processes in place to manage cyber risk in the context of their business
Cyber attacks and data leakage are daily threats to organisations globally reminding us
that we are all potential targets of this type of threat
Lawyers are discussing the potential risk of individual liability for corporate directors
who do not take appropriate responsibility for oversight of cybersecurity
Investors and regulators are increasingly challenging boards to step up their oversight of
cybersecurity and calling for greater transparency around major breaches and the impact
they have on the business
Given this environment it is not surprising that cyber risk is now near the top of board
and audit committee agendas
According to a KPMG Global Audit Committee Survey nearly 45 percent of audit
committees in the United States have primary oversight responsibility for cybersecurity
risk yet only 25 percent say that the quality of the information they receive about
cybersecurity is good 14
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
15
How prepared are we
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Attacks
16
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The risks ndash wherersquos the upside
17
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Continue to connect the dots with
metrics
24
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs)
Considerations would include
Which KPIs are on your cyber risk dashboard
Is your organisation achieving the cyber risk targets it has formulated
How do the KPIs for cyber risks relate to those of your peers
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Conclusions
We believe the process for closing that gap should not be a mystery Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach
Since many global organisations have been victims of cyber crime over recent years
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity
Investors governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks
25
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
15
How prepared are we
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Attacks
16
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The risks ndash wherersquos the upside
17
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Continue to connect the dots with
metrics
24
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs)
Considerations would include
Which KPIs are on your cyber risk dashboard
Is your organisation achieving the cyber risk targets it has formulated
How do the KPIs for cyber risks relate to those of your peers
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Conclusions
We believe the process for closing that gap should not be a mystery Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach
Since many global organisations have been victims of cyber crime over recent years
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity
Investors governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks
25
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Attacks
16
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The risks ndash wherersquos the upside
17
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Continue to connect the dots with
metrics
24
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs)
Considerations would include
Which KPIs are on your cyber risk dashboard
Is your organisation achieving the cyber risk targets it has formulated
How do the KPIs for cyber risks relate to those of your peers
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Conclusions
We believe the process for closing that gap should not be a mystery Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach
Since many global organisations have been victims of cyber crime over recent years
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity
Investors governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks
25
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
The risks ndash wherersquos the upside
17
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
22
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
What is at stakePotential impacts and possible implications for the board include
Intellectual property losses including patented information and trademarked
material client lists and commercially sensitive data
Legal expenses including damages for data privacy breachescompensation for
delays regulatory fines and the cost associated with defense
Property losses of stock or information leading to delays or failure to deliver
Reputational loss which may lead to a decline in market value and loss of
goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach
occurred and what information (if any) was lost keeping shareholders advised
and explaining what occurred to regulatory authorities
Administrative cost to correct the impact such as restoring client confidence
communications to authorities replacing property and restoring the
organisationrsquos business to its previous levels23
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Continue to connect the dots with
metrics
24
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs)
Considerations would include
Which KPIs are on your cyber risk dashboard
Is your organisation achieving the cyber risk targets it has formulated
How do the KPIs for cyber risks relate to those of your peers
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Conclusions
We believe the process for closing that gap should not be a mystery Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach
Since many global organisations have been victims of cyber crime over recent years
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity
Investors governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks
25
SHARING 2017 Predictions
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Q amp As
T +603 ndash 2381 1900 F +603 - 7611 0707
e-mail rameshfridayconceptscom
wwwinsterpcom 26
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Regulatory Focus Areas and
Industry Activities
18
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
A Perfect Storm brewing
19
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Questions we need to ask related to
Cyber Risk
20
Case study
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Key questions to be addressed
21
This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part
andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited
Cyber Risk Maturity Framework
Know where you are
What is at stake?
Potential impacts and possible implications for the board include:
Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
Legal expenses, including damages for data privacy breaches, compensation for delays, regulatory fines and the cost associated with defense
Property losses of stock or information, leading to delays or failure to deliver
Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels
Continue to connect the dots with metrics
It is important to assess and benchmark the value of the framework by using
Key Performance Indicators (KPIs).
Considerations would include:
Which KPIs are on your cyber risk dashboard?
Is your organisation achieving the cyber risk targets it has formulated?
How do the KPIs for cyber risks relate to those of your peers?
Conclusions
We believe the process for closing that gap should not be a mystery. Taking a
proactive approach to improving cybersecurity governance - connecting the dots
between IT and the business and providing the board with the information
it needs - can help position the company and the board to more selectively address
the evolving threat and implications of a major cybersecurity breach.
Since many global organisations have been victims of cyber crime over recent years,
board oversight of cybersecurity is no longer just a leading practice - it is a
necessity.
Investors, governments and global regulators are increasingly challenging
board members to actively demonstrate diligence in this area.
Regulators expect personal information to be protected and systems to be resilient to
both accidental data leakage and deliberate attacks.