The Institute of Risk Management Cyber Special Interest Group
The IRM is the leading professional body for Enterprise Risk Management. They help build excellence in risk management to improve the way organisations work. With the growing threat of, and focus on, cyber risk, they have created a new Special Interest Group (SIG) dedicated to the topic.
Based on our work to assess the cyber risk landscape across industries such as insurance, Northdoor was invited to present at one of the first SIG meetings on the topic of “Good practices/models for assessing cyber risk”.
Northdoor showed the results of our recent UK insurance industry cyber risk assessment, which we have made available to download as a report.
We also presented on the use of data-driven insights to prevent cyber breaches, based on the RiskXchange cyber risk assessment platform.
The RiskXchange model provides continuous, automated and real-time assessment of cyber risk for both the organisation and, crucially, the third and fourth parties in its supply chain.
The key take-aways for the attendees were:
• The typical manual assessment-based approach to cyber risk is not working;
• Popular use cases for the RiskXchange model include continuous monitoring, real-time insight, performance evaluation, control of third- and fourth-party risk and discovery of every asset in your complete ecosystem attack surface;
• You need to map and assess your organisation’s entire digital footprint;
• “Signals” (something that may tell a story, or be part of a story) should be compiled across a wide range of target areas, from both internal and external sources to build a cyber risk score of your organisation;
• Aggregate and systemic risk should be modelled, e.g. to understand service providers that are common across your third and fourth parties and that may present a systemic risk should that common service provider suffer an issue.
To understand more about managing cyber risk in your organisation, please contact us.