Assessing Cyber Risk: Critical Questions for the Board and the C-Suite | Deloitte US
Assessing cyber risk
Critical questions for the board and the C-suite
The evolving threat landscape means organizations today must worry about far more than fraud and theft. As attackers become highly organized and turn their attention to disrupting services, destroying data, and holding systems to ransom, the risk challenge grows more complex, with regulatory fines, legal damages, loss of trust, and reputational damage becoming part of the equation.
Embrace risk to drive performance
Amid this landscape, the connection between risk and performance grows stronger, and responsibility for overseeing cyber risk increasingly rests with the board and the C-suite. These leaders want assurance that their businesses remain secure, vigilant, and resilient, but they are often far removed from the day-to-day work of monitoring, detecting, and responding to evolving cyber risks.
Ten critical questions can help board members and the C-suite get started by surfacing where their organization stands on cyber maturity. Explore them here, along with guidance for developing focused answers and building a clearer understanding of cyber risk.
- Do we demonstrate due diligence, ownership, and effective management of cyber risk?
- Do we have the right leader and organizational talent?
- Have we established an appropriate cyber risk escalation framework that includes our risk appetite and reporting thresholds?
- Are we focused on, and investing in, the right things? And, if so, how do we evaluate and measure the results of our decisions?
- How do our cyber risk program and capabilities align to industry standards and peer organizations?
- Do we have a cyber-focused mindset and cyber-conscious culture organization wide?
- What have we done to protect the organization against third-party cyber risks?
- Can we rapidly contain damages and mobilize response resources when a cyber incident occurs?
- How do we evaluate the effectiveness of our organization’s cyber risk program?
- Are we a strong and secure link in the highly connected ecosystems in which we operate?
Boards and C-suite play a critical role in cyber risk
Cyber threats and attacks continue to grow in number and complexity, all while the business world grows increasingly connected and digital. In this environment, managing cyber threats becomes a business and strategic imperative, with the stakes higher than ever. Cyber crime now involves far more than fraud and theft. As the domain of vast criminal networks, foreign government-sponsored hackers, and cyber terrorists, it extends across the risk spectrum to include disruption of services, corruption or destruction of data, and ransomware and other extortion schemes that seek money, access, or corporate secrets from victims.
Today, cyber risk and performance are more tightly intertwined. Tangible costs from cyber crime range from stolen funds and damaged systems to regulatory fines, legal damages, and financial compensation for affected parties. Intangible costs could include loss of competitive advantage due to stolen intellectual property, loss of customer or business partner trust, and overall damage to an organization’s reputation and brand. Beyond the damage to individual organizations, the sheer scope of cyber attacks now has the potential to cause mass-scale infrastructure outages and potentially affect the reliability of entire national financial systems and the well-being of economies.