The CFO's role in managing cyber risk.

Author: Gregg, Robert
Position: Technology

Most organizations do less than they should to manage the risks associated with their handling of sensitive information. This can lead to data breaches and make companies susceptible to cybercrime. The key factors contributing to this growing problem are, to a great extent, archaic approaches to management structure and accountability for risks that are not aligned with today's environment.

The Obama Administration's May 2009 Cyberspace Policy Review found that American business losses due to cyber attacks had grown over the years to more than $1 trillion. And security software and services company Symantec Corp. found in its January 2010 Internet Security Threat Report that new cyber threats on the Internet grew nearly 500 percent year-over-year from 2008 to 2009.

Why do organizations seem unable to stem this tide of cybercrime?

The Internet Security Alliance and the American National Standards Institute (ISA/ANSI) recently published The Financial Management of Cyber Risk, a report that explores the issue and makes concrete recommendations. These organizations brought together dozens of industry experts in cybercrime, security, privacy and risk management to look into these troubling trends, identify the underlying causes and develop practical solutions. The final report also describes the key role that the chief financial officer can and must play in addressing cyber risk.

Why Losses Due to Cyber Risks Are Growing

Several factors have contributed to the extraordinary growth in the financial losses to American businesses resulting from cyber attacks. Among them are the explosion in the number of attacks, the reduction in budgets for information security and the failure to address cyber risks from an enterprise-wide strategic and cooperative perspective.

Cyber threats are doubling each year as a result of the global nature of cybercrime. Offshore organized crime efforts view this as a high-leverage and profitable endeavor. The U.S. Secret Service estimated that there are between 40,000 and 50,000 hackers active in today's world who are developing their skills at a rapid rate to target vulnerabilities in corporate systems.

Cyber criminals are using social engineering to exploit the weaknesses of human and technical systems. Phishing attacks continue to grow, and insidious malware has caused some of the largest and most costly data breach incidents during this past year.

Despite the active threat environment, a 2009 study by...
