ORX creates industry’s first cyber risk controls and indicators library

  • 14 May 2020

We're delighted to announce that ORX has launched a new controls and indicators library for cyber and information security risk (CISR) management. This unique industry resource is currently available to all ORX members for free.

Providing a platform to compare cyber controls and indicators

This new library from ORX will allow financial services organisations to compare and benchmark their cyber risk management controls and indicators against those of their peers. Every firm that takes part in the library will receive a personal benchmark, which is colour coded so they can easily see where they operate controls in comparison to other firms. The library will enable users to identify areas of strengths and weakness and use this information to enhance their cyber and information security risk management.

What’s in the library?

The only one of its kind in the operational risk industry, the library can help firms to identify effective controls and indicators for cyber and information security risk management. By using data submitted by the participants of our cyber programme, we've created a library which gives crucial insights into the controls and indicators used by other specialist teams for cyber risk management. This includes:

  • How frequently they are used
  • Whether they are automated
  • What primary risks they manage (aligned to the ORX Reference Taxonomy)
  • Whether indicators are leading or lagging
  • Whether they are dependent on a third party

Helping the industry enhance cyber risk management

Brought together in one place, this information enables organisations to develop and improve their cyber and information security risk management controls and indicators. The library is the outcome of the controls and indicator work we carried out last year with our cyber and information security risk management working group.

Find out more about the library

At the moment, the library is available to all ORX members for free. If your organisation is part of the ORX membership, then please contact us to find out how to access it. Not sure if you’re an ORX member? Take a look at our membership map to find out.

If you’re not currently a member of ORX, but want to know more about our work on cyber and information security risk management, then you can explore our results and outputs so far here. Or, get in touch with us for more information.

Cyber risk management

Explore the work we've been doing to support operational risk teams with cyber and information security risk management.

Cyber risk management