ORX launches cyber risk initiative
- 17 January 2019
We’re exploring a new proposition to help you practically advance your cyber risk management activities. By enabling specialists to work together, ORX can support the development of a collective view of the biggest cyber challenges facing the industry.
The cyber risk dilemma
Our 2018 Operational Risk Horizon report showed that many firms see cyber and digital as key emerging risks. Our most recent study – Operational Risk Horizon 2019 – shows that this trend is expected to continue. The number of publicly known incidents arising from cyber attacks is increasing, with significant levels of fraud taking place.
So far this year, our ORX News service has reported over 90 cyber stories, resulting in losses of more than USD $1 billion. In fact, this risk is increasing so much that ORX News has increased its coverage to include large cyber losses in non-financial services companies, starting from January 2018.
Pressure from regulators, boards and management to demonstrate effective management of cyber and digital risks is now higher than ever before. However, a recent survey by McKinsey showed that only 16 per cent of companies believe that they are well prepared to face these risks.
Why does cyber pose such a challenge?
Organisations face many obstacles and barriers in trying to meet the cyber threat, primarily:
- A shortage of data to help understand the risks and to measure risk exposure
- Insufficient understanding and coordination between operational risk, information risk and IT teams
- Difficulty comparing and benchmarking experience and exposure with peers, including losses suffered, controls implemented and actions taken
- Not being able to verify that the right risk management action is being taken and is reducing the risk exposure
This is where we can help. Making use of our experience, our network and our existing information, we believe that ORX can support organisations to advance their risk management practice.
Phase one – consultation and working group
We've begun by inviting interested members and cyber risk specialists to take part in an initial consultation and form a working group. At the same time, we're developing a preliminary view of our existing cyber information – including our loss database, ORX News, scenarios, and KRI information.
The working group is helping to shape the potential service – guiding us on how we can best support and enhance cyber risk management. Examples of areas that might be explored include:
- Establishing what information could be shared to address the cyber data shortage
- Identifying innovative research that we can do to drive improvements in cyber risk management – for example, a cyber information dashboard
- Developing cyber risk management standards and benchmarking practices – for example, cyber definition and taxonomy, peer group benchmarking
- Exploring how collaboration and interaction can support enhancing cyber risk management – for example, working groups, events and forums
Phase two – proving the concept
Guided by the outputs from phase one, we will deliver a proof of concept as a forerunner to developing a prototype cyber risk service. If this is a success, and there is sufficient demand, we will launch a permanent service. We hope to be ready to work on the proof of concept in Q2 2019.