ORX cyber programme padlock

ORX CISR programme:
Improving cyber and information security risk management

We're currently working on a programme to support firms with their day-to-day cyber and information security risk (CISR) management. This is an element of our material risks in focus work, which takes a single risk type and looks in detail at how we can support institutions to manage it.

The cyber challenge

Cyber and information security are some of the most concerning risks facing the industry today. Boards, regulators and senior management want to know that these risks are being effectively managed.

The challenge operational risk professionals face is how to manage cyber and information security risks with limited data and information. How can you understand your experiences and exposure and compare them with your peers? How do you know if you are taking the right risk management actions?

This is where ORX can help. We are supporting firms to:

  • Understand their risk exposure for cyber and information risk
  • Improve how they respond to and actively manage the risk

A global community of experts

To help us work out how we can best support operational risk functions, we've created a working group of cyber and information security experts from among a variety of our member firms. We have over 50 financial organisations involved in the initiative so far.

If you want to know more about this programme, then you can take a look at the results and outputs on this page, or get in touch with us to find out more.

CISR programme outputs

Latest news
Top 5 cyber risks and how they've changed in the pandemic
Melanie Lavallin
17 September 2020
A recent ORX study showed that cyber and information security risks have changed as a result of coronavirus. We surveyed cyber experts in our operational risk community to find out more - here are the top 5 level 2 cyber risks.
Research
Cyber risk management controls & indicators
Melanie Lavallin
28 February 2020
How is the industry implementing controls and indicators for cyber risk management? And what makes an effective indicator or control? Read the report from our study to find out.
Research
Roles and responsibilities in cyber and information security risk management
Melanie Lavallin
24 September 2019
We surveyed 25 financial institutions establish where cyber and information security risk management responsibilities sit across the three lines of defence, and to identify those areas where there is confusion. See what we found out.
Research
Cyber and information security risk definitions
Melanie Lavallin
4 July 2019
Working with participants of the ORX Cyber and information security risk (CISR) programme, we have created definitions for cyber and information security risk that we'll use throughout the project.

    A library of controls and indicators

    As part of this programme, we've created a library of controls and indicators used for cyber risk management. This library allows firms to compare themselves against other organisations and see where they could enhance their practices.

    Find out more about the library

    More from ORX on cyber

    Latest news
    Top 5 cyber risks and how they've changed in the pandemic
    Melanie Lavallin
    17 September 2020
    A recent ORX study showed that cyber and information security risks have changed as a result of coronavirus. We surveyed cyber experts in our operational risk community to find out more - here are the top 5 level 2 cyber risks.
    Press release
    ORX creates industry’s first cyber risk controls and indicators library
    Esther Britton
    14 May 2020
    We're delighted to announce that ORX has launched our new controls and indicators library for cyber and information security risk management. Find out how the library will improve cyber risk management in the financial sector.
    Blog
    What impact is coronavirus having on cyber risk profiles?
    Steve Bishop
    20 April 2020
    Find out how of coronavirus (Covid-19) is affecting a financial firm's cyber risk profile. Key impacts include an increase in cyber attacks, the vulnerabilities of working from home and third and fourth party risks.
    Press release
    ORX to create cyber control and indicator libraries
    Esther Britton
    27 November 2019
    ORX has gathered key controls and indicators from over 20 financial institutions based around the world. This information will allow us to create libraries of controls and indicators used for managing and monitoring cyber and information security risk.
    Information
    Four challenges of distributing cyber operational risk management responsibilities
    Melanie Lavallin
    13 November 2019
    Financial institutions face four key challenges when distributing roles and responsibilities for cyber risk management, including lack of clarity; conflict of interest; resource and capacity; and low board-level understanding of cyber and IT.
    Press release
    ORX surveys firms to find controls and indicators for cyber risk
    Esther Britton
    29 October 2019
    We are currently surveying financial firms to find out what key controls and indicators they are using to manage cyber and information security risk. This survey is being done as part of our cyber and information security risk (CISR) programme.
    Research
    Roles and responsibilities in cyber and information security risk management
    Melanie Lavallin
    24 September 2019
    We surveyed 25 financial institutions establish where cyber and information security risk management responsibilities sit across the three lines of defence, and to identify those areas where there is confusion. See what we found out.
    Research
    Cyber and information security risk definitions
    Melanie Lavallin
    4 July 2019
    Working with participants of the ORX Cyber and information security risk (CISR) programme, we have created definitions for cyber and information security risk that we'll use throughout the project.

    CISR programme

    Find out how your institution could get involved in the ORX cyber and information security risk management programme.

    Contact us