Risk Management Blog
Content for Risk Management Professionals


December 31, 2018

Cybersecurity: Risk Management Must Lead The Way

Cyber Risk Is Pervasive

Cyber risk is perhaps the most pervasive, diverse, and impactful form of risk that can affect an organization. In today’s world, we’re all connected to and dependent on the internet, and that means that few organizations are able to evade exposure to cyber risk and its consequences.

Cyber Risk Ultimately Lands on Risk Managers

But when it comes to something that has the ability to enter an organization from any angle and infiltrate every department, who should be at the front line? The Federation of European Risk Management Associations (FERMA) seems to think it's risk managers.

In a report published earlier this year, FERMA urged companies to create dedicated internal cyber risk governance groups—chaired by a risk manager—to operate across all functions of the company to determine the potential costs of cyber risk and propose mitigation measures. Jo Willaert, president of the FERMA board, said in a statement, “As recent attacks show, cyber risk is an enterprise issue that affects strategic aspects of the board’s mandate including valuation, reputation, and trust. The management of cyber risk has, therefore, become a corporate issue that should be reflected in the governance of the company.”

Additionally, Berrymans Lace Mawer L.L.P., in conjunction with Airmic Ltd., a risk managers association, also published a report earlier this year that called compliance “not simply an IT issue but an organization-wide risk that risk managers must address and control.”

Simplify ERM for Effective Cyber Risk Management

So, cyber risk is a job for ERM and risk managers. Great, except ERM can oftentimes mean something much less than a comprehensive, multi-step framework that addresses the full gamut of enterprise risk components. Unfortunately, ERM processes can easily become overly complicated and burdensome; they often slow down or muddy the risk identification waters. Furthermore, many ERM processes take a severity approach to risk, resulting in a blurry lens that may expose the organization to risk blind spots.

Fortunately, there are professional-grade ERM solutions out there to meet your needs and help risk managers be successful on the front line of not just cyber risk, but all types of enterprise risk.

Procipient® comes equipped with a prebuilt enterprise risk framework and ready-to-use features that allow risk managers to manage all aspects of enterprise risk with unprecedented insight and instant success. If your organization is ready to centralize cybersecurity under the direction of its risk managers, contact a Procipient® team member using the link below to learn how our ERM-GRC solution can set them up for success.

Get in touch with a Procipient team member