Time: 8:00 - 9:00 p.m. (India) | 2:30 - 3:30 p.m. (GMT) | 10:30 - 11:30 a.m. (New York)
Organizations are struggling to (a) prioritize among the myriad cyber risks; (b) make a business case for recommended mitigation; and (c) draw a rigorous, defensible line in the sand limiting the scope of cyber risk management. In this session, we begin with the current state of cybersecurity risks.
Then, we discuss how a value-based ERM approach uses deterministic scenarios and quantitative models to (a) sort out which cyber risk scenarios to focus on; (b) support mitigation decisions with robust risk-reward data; and (c) define a “cyber risk appetite” to contain the focus of cyber risk management to a manageable level. We will then share some early lessons from a case study in which this approach is starting to be applied successfully to enhance cyber risk management, particularly around the use of vendors.
Attendees will learn:
How to better prioritize among a disparate and growing set of cyber risks
What data is used to make the business case for targeted cyber risk mitigation
An approach to defining “cyber risk appetite”
Sim Segal, Academic Director and Senior Lecturer in Discipline, M.S. in Enterprise Risk Management Program at Columbia University's School of Professional Studies, and President at SimErgy Consulting
Shahryar Shaghaghi, Lecturer at Columbia University's School of Professional Studies, and Head of Cybersecurity and Privacy Advisory at CohnReznick
Dave Bartholomew, Lecturer at Columbia University's School of Professional Studies, and Director, Operational Risk, Compliance & Controls, Institutional Division at Pacific Life