We need to redefine the term ‘cyber risk’, according to the IT security firm RSA in a report with Deloitte Advisory Cyber Risk Services. The term extends beyond hacks – planned attacks on information systems. While hacks are an important part of the equation, cyber risk takes in wider events that lead to potential of loss or harm.
Emily Mossburg, partner, Deloitte & Touche LLP and Deloitte Advisory Cyber Risk Services Resilient Practice Leader, said: ““The very fundamental things that organisations undertake to drive performance and execute on their business strategies happen to also be the things that actually create cyber risk. Cyber risk is an issue that exists at the intersection of business risk, regulation, and technology. Executive decision-makers should understand the nature and magnitude of those risks, consider them against the benefits a strategic shift would deliver, and then make more informed decisions.”
To download the report, visit the RSA website: https://www.rsa.com/en-us/perspectives/resources/cyber-risk-appetite-defining-and-understanding-risk-in-the-modern-enterprise.
Titled “Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise,” it concludes that we need a systematic process for defining and comprehensively categorising sources of cyber risk, a new accounting of key stakeholders and risk owners, and a new way to calculate cyber risk appetite.
