Identifying Cyber Risks: The Important Role of Senior Management

It is becoming more and more evident that cybersecurity is one of the focal points regarding security risks in the twenty-first century for all organisations. It is understandable that almost every organisation that has access to any kind of computing device will be at risk and will probably experience harmful cyber incidents. Hackers, whether via individual or state-sponsored cyber-attacks, are increasingly finding ever more creative methods to bring about cyber mayhem. This is ever more likely with the ongoing expansion of mobile devices and the evolution of computing capabilities through the introduction of new technological advances, such as the Internet of Things, cloud computing and big data. This brings risk management to the top of the agenda in large organisations.

We know that the goal of risk management is to maximise the output of the organisation, which includes services, products, revenue and so on, while minimising the risk of unanticipated results. Information security and cyber security programs are successful if they are strategically aligned with the organisation's risk management strategy. Senior executives should recognise these dependencies and plan adequately for cyber threats.

However, based on the "Cyber Security Breaches Survey, 2016," while cyber security should be part of every big risk management strategy, it has only been highlighted by 69% of businesses, all of which obviously believe that cyber security is a priority for senior managers. By extension, 31% of businesses do not recognise cyber security as a priority. The other main problem identified by this report is the fact that only 51% of companies have taken the recommended actions to identify cyber risk.

The accountability lies with senior management. The senior management team has a broad and clear view of their organisation's strategic planning. Therefore, they are the only people who can effectively address and manage complex cyber security threats.
This requires collaboration, clear communication channels and adequate security awareness by the senior management team. Major information security risk factors may be left unchecked without the coordinated oversight of the senior management team and the rest of the organisation. The importance of such close cooperation becomes even more critical if an enterprise does business globally. There are various forces beyond the control of the senior management team that make it impossible to deal with the threats of cyber space using traditional risk management. It requires agility and depends on heightened senior management involvement with clear security awareness.

Organisations can and should build a strong security awareness foundation that is capable of facilitating adequate cyber resilience. The senior management team should also evaluate threat trajectories from a position of risk profiling and business acceptability. This can help lead organisations to a position in which they can address cyber hygiene, cyber resilience and cyber warfare.

It can be concluded that the senior management team is not just responsible for establishing the risk framework that will be used to define risk assumptions, risk constraints, risk tolerances and risk priorities. The senior management team has a greater responsibility beyond the risk framework. It must be fully engaged in all aspects of cyber risk factors and the establishment of clear, coordinated efforts within an organisation and all internal components thereof. In addition, creating an environment of security awareness and creating clear communication channels should also be considered.

About the Author: Reza Alavi has been working in various IT positions for the last 10 years and is currently working as an Information Security Consultant, helping his clients to become more effective and efficient, typically through the strategic use of information systems, risk management and security governance.
Previously, Reza worked for 10 years at Javan Company Ltd., which specialises in a wide range of consultancy services such as information and IT security, risk management and business continuity, and security governance and strategy, both in the Middle East. Having significant experience of the commercial sector in various parts of the globe, working with a variety of cultures and work ethics, and at the same time being educated at PhD level in information security, enables Reza to have a deep understanding of current information and cyber security requirements to protect assets in both SMEs and big organisations.

Editor's Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
