Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask

Published byClemence Hancock Modified over 5 years ago

Similar presentations

Presentation on theme: "The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask"— Presentation transcript:

1 The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask
ANSI Homeland Security Standards Panel (ANSI-HSSP) October 2, 2008 3:00 to 4:15 PM U.S. Chamber of Commerce

2 Presenters Moderator  Ty R. Sagalow, President, American International Group (AIG) Product Development, and Workshop Leader Panelists Michael Castagna, Chief Information Security Officer, U.S. Department of Commerce Larry Clinton, President, Internet Security Alliance (ISA) Harrison Oellrich, Managing Director, Guy Carpenter & Company, LLC Regan Adams, Former Assistant Privacy Counsel, Goldman Sachs

3 Agenda Background: Setting the Scene
Development of an Action Guide to analyze, manage, and transfer financial risk for cyber security Questions and Answers

4 Background Setting the Scene
Cyber security is vital to the economic well-being of the U.S. What does cyber security really mean? No standard definition, but one interpretation is the protection of any computer system, software program, and data against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional Cyber security attacks can come from internal networks, the Internet, or other private or public systems

5 Background (continued)
Corporations use cyber systems for multiple purposes Real-time tracking of supply chains Inventory management Improvement of employee efficiency Generation of on-line commerce Twenty-five percent of America’s economic value – up to $3 trillion a day – moves over network connections each day

6 Background While corporations appreciate the benefits of the Internet, they have often failed to properly account for its financial risks 50% of Senior Executives said they did not know how much money was lost due to an attack Congressional Research Service estimates that the economic impact of cyber attacks on business has grown to over $226 billion annually Total average cost of a data breach grew to approximately $200 per record compromised in 2007

7 Background There is a substantial body of work dealing with the technical standards of cyber security Plenty of attention paid to important technical issues, such as data encryption and best-in-class security technologies BUT...to date, there has not been any comprehensive methodology for understanding and mitigating the financial losses associated with cyber risk

8 Net Financial Risk Formula

9 What Are Some of the Costs?
Failure of security can have costly consequences Civil and criminal lawsuits Lost trade secrets Breach of contract, breach of privacy Reputation damage Business interruption, lost income

10 Development of Financial Risk Action Guide
To promote understanding of financial risk, the American National Standards Institute’s (ANSI) Homeland Security Standards Panel (HSSP) and the Internet Security Alliance (ISA) launched a workshop

11 Development of Financial Risk Action Guide
The Goal Create an Action Guide to analyze, manage, and transfer financial risk for Cyber Security The Team More than 30 industry leaders and governmental partners The key to understanding the financial risks of cyber security is to fully embrace its multi-disciplinary nature, covering many areas of a company

12 Resolve: Multidisciplinary Feed to CFO
A CFO needs to know the key questions to ask to the major stakeholders in all corporate domains, including: General Counsel Chief Risk Officer Chief Compliance Officer Chief Technology Officer Heads of Corporate Communications, Investor Relations, and Customer Service Head of Human Resources

13 Time Table The Timetable First Workshop held in March 2008
Draft Action Guide prepared by teams representing the different disciplines Subsequent Workshops held in May and July Action Guide finalized in early August Publication is being released this month, “National Cyber Awareness Month”

14 Action Guide: How to get it
The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask Release date: October 20, 2008 Register in advance for a free electronic copy of the document to be ed to you early that morning: webstore.ansi.org/cybersecurity

Download ppt "The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask"

Similar presentations

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
The Privacy Office U.S. Department of Homeland Security Washington, DC 20528 t: 703-235-0780; f: 703-235-0442 Safeguarding.

The Privacy Office U.S. Department of Homeland Security Washington, DC t: ; f: Safeguarding.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.

1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Domestic Violence: Prevention at Work. Domestic Violence … What Is It? Domestic violence is a pattern of physical, sexual and emotional assault used by.

Domestic Violence: Prevention at Work. Domestic Violence … What Is It? Domestic violence is a pattern of physical, sexual and emotional assault used by.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.

The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
1 Submitted as an Information Sharing Subject (ISS) for the High Interest Subject of “Cybersecurity” GTSC Agenda Item 4.2 DOCUMENT #:GSC14-GTSC7-004 FOR:For.

1 Submitted as an Information Sharing Subject (ISS) for the High Interest Subject of “Cybersecurity” GTSC Agenda Item 4.2 DOCUMENT #:GSC14-GTSC7-004 FOR:For.
Mark Carey, CPA, CISA President 866.335.2736 x8431 Management-ese: An Introductory Course.

Mark Carey, CPA, CISA President x8431 Management-ese: An Introductory Course.
AICP New England 13 th Annual Education Day PRIVACY Jenny Erickson Vice President, Legislative and Regulatory Affairs The Life Insurance Association of.

AICP New England 13 th Annual Education Day PRIVACY Jenny Erickson Vice President, Legislative and Regulatory Affairs The Life Insurance Association of.
Risk and Financial Management Panel FPPA 13 th Annual Convention Sanibel Harbour – Fort Meyers, Florida February 23, 2010.

Risk and Financial Management Panel FPPA 13 th Annual Convention Sanibel Harbour – Fort Meyers, Florida February 23, 2010.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Lexmundi.com TRADE SECRET PROTECTION IN THE DIGITAL AGE Eric H. Rumbaugh Partner Michael Best & Friedrich LLP Lex Mundi member firm for Wisconsin This.

Lexmundi.com TRADE SECRET PROTECTION IN THE DIGITAL AGE Eric H. Rumbaugh Partner Michael Best & Friedrich LLP Lex Mundi member firm for Wisconsin This.
New A.M. Best Cyber Questionnaire

New A.M. Best Cyber Questionnaire
Office of Pipeline Safety Hazardous Liquid Pipeline Integrity Management July 23 - 24, 2002 Houston, Texas Welcome.

Office of Pipeline Safety Hazardous Liquid Pipeline Integrity Management July , 2002 Houston, Texas Welcome.

Similar presentations

Ads by Google