Summary of the Presentation at the Cincinnati NIRI Chapter Meeting on January 14, 2015
The Cincinnati Tri-State Chapter of NIRI held its third meeting of the season on January 14, 2015. Jason Straight and Doug Goodall of UnitedLex provided a briefing on the subject of cyber risks. Below are several key points from the informative presentation.
- Cyber security is now among the top enterprise risks facing customers, according to surveys.
- Data breach costs per organization averaged $6 million in 2014, with roughly half representing indirect costs.
- Large companies are now in a state of continuous incident response.
- Perimeter defenses are no longer sufficient, as nearly 2/3 of breaches stem from employee or contractor negligence or from system errors/malfunctions.
- Lessons learned from Target’s breach include:
  - Lots of work and costs from congressional inquiries.
  - Revenues decreased (contrary to industry trends), the stock price fell, and there were two C-level resignations.
  - Insurance covered only about 1/5 of the estimated direct costs of $500 million.
  - Over 100 lawsuits resulted from the breach.
- Board oversight trends include:
  - Large company boards are taking more responsibility for reviewing risk management practices, emphasizing awareness and a culture of security.
  - Pressure is increasing to hold boards accountable, and shareholder suits are emerging.
  - More technical expertise is being used to advise boards as needed.
- Cyber risk management oversight is a big challenge.
  - How can top cyber risks be identified?
  - How can sufficiency of security team activities be assured?
  - If a large bank that spends $250 million/year on cyber security still gets hit, how does your company stand a chance?
- A risk-based approach can address simple but critical questions: which assets most need protection, what the most realistic threats are, how to assess vulnerability, and how to maximize investments to protect against the highest-priority threats.