Cybersecurity threats continue to expand in number and complexity, and an effective approach to managing them remains elusive. Organizations are struggling to:
- Prioritize among the myriad cyber risks
- Make a business case for recommended mitigation
- Draw a rigorous, defensible line in the sand limiting the scope of cyber risk management
In this session, we begin with the current state of cybersecurity risks. We then move on to how a value-based ERM approach uses deterministic scenarios and quantitative models to:
- Sort out which cyber risk scenarios to focus on
- Support mitigation decisions with robust risk-reward data
- Define a “cyber risk appetite” to contain the focus of cyber risk management to a manageable level
Finally, we share some early lessons from a case study of an organization that is starting to apply this approach successfully and enhance its cyber risk management, particularly surrounding its use of vendors.