New Cyber-Risk Responsibilities for Chief Risk Officers and Risk Managers
Common trends are emerging in the new and proposed cyber-risk management regulatory standards calling for a broad range of organisations to address cyber-risk across all three lines of defence (3LoD).
Chief risk officers (CROs) have significant responsibilities and access to the board and senior management that put them at the forefront of technological, operational and human resources challenges involved in implementing the 3LoD approach to cyber risk management.
To brief its members and ERM practitioners on these matters, the IERP organized a tea talk which was delivered by Mr. Ramesh Pillai, the Chairman of the Board of Governors of IERP. Mr Pillai shared his over 30 years of Risk Management (including his current Board experience as well as Board Risk Management and Board Audit Committee) experience with the members and guests as the tea talk.
Mr. Pillai stressed that no matter how well defended an organization felt it might be, a cyberattack at some point in the future was a certainty. He advised the participants to maintain constant vigilance, constantly redefine their defence perimeters and maintain their cybersecurity defensive readiness. This included the development, maintenance and regular organisation-wide testing of cybersecurity playbooks.
The tea talk also provided guidance and advice on DRPs and the importance of robust Operational Risk policies, processes and controls in relation to cybersecurity risk. Mr. Pillai also spoke on the importance of benchmarking against the organisation’s approved cybersecurity maturity frameworks. This session was very well attended mainly by GLCs and PLCs.
Mr. Pillai noted that smaller organisations needed to be aware of these risks as cybersecurity did not discriminate according to size. The discussions carried on through the networking and fellowship sessions – reflecting the high concern harboured by members and ERM practitioners on cybersecurity risks and issues.