Risk management and the sports world unexpectedly intersected in a morning session at RIMS 2012, when panelists discussed how adopting an ERM strategy can help mitigate cyber risk while under the watchful eye (and whistle) of session moderator and well-known NFL referee Ed Hochuli. Much like in an NFL game, Hochuli, who is also an attorney with Jones Skelton & Hochuli, took control of the discussion by donning his referee jersey and throwing his penalty flag whenever any of the presenters went over a pre-determined time limit for remarks.
Panelists Carol Fox of RIMS, David Speciale of Identity Theft 911, Richard Magrath of USLAW NETWORK and John Hall of Hall Booth Smith & Slover were flagged for multiple delay-of-game penalties (and one good-natured taunting violation), but this did not stop them from delivering their timely and informative presentation.
As data breach incidents, such as Sony’s infamous PlayStation Network breach last year, have increased, so has the financial and reputational impacts. Perhaps more importantly, however, this so-called cyber risk no longer only belongs to IT departments. In fact, many IT departments may not even understand the entire scope of the risk. “They are used to dealing with how many servers they have, not necessarily what is on those servers,” said Fox. Since data breaches effect the entire enterprise, mitigation and remediation efforts need to involve all departments in order to effectively limit damages and reduce costs. This makes a data breach plan a vital component of a company’s ERM program.
And given all the complex data protection regulations, jurisdictional issues, and due diligence and privilege concerns, Magrath and Hall recommended that risk managers do not try to go it alone and instead, should engage counsel as a kind of quarterback to help them assess their risk and make sure they are as protected as they can be.
Speciale warned that despite all of a company’s best efforts, 100% protection may be impossible and some fallout may be unavoidable. “When a company is breached, a small percentage of people will never do business with them again,” he said. The key, then, is to be able to prevent as many breaches as you can and then strengthen your defense so you are a less attractive target.
In order to help companies develop a plan of their own, RIMS, US LAW NETWORK and Identity Theft 911 developed an executive report entitled “ERM Best Practices in the Cyber World.” The report details how risk managers can go about developing an effective data breach plan of their own. As the session made clear, thousands of dollars of investment could prevent millions of dollars in losses.
Similar Posts:
- Ed Hochuli Negotiates with the Big Boys
- RIMS ERM Conference 2021: Integrating Net Zero Commitments into ERM Plans
- Tom Ridge Tells Cyber Conference Insurance Should Incentivize Risk and Resilience Planning
- RIMS ERM Conference 2021: IRS Receives Global Enterprise Risk Management Award of Distinction
- RIMS ERM Conference 2021: Lloyd’s Chairman on the Vital Role of Risk Management in Fighting Climate Change
Cyber risk is a growing concern for many businesses and individuals in present times. Organizations have requirements for increasing levels of storage for files and applications etc. Cloud computing can offer these businesses a secure, remote storage site where files and applications can be accessed remotely anywhere in the world. All of the companies files are stored in secure data centers which cutting edge firewalls and security systems. Thank you for the interesting post and feel free to check out more on cloud computing services at our website.