Cyber Risk: delivering resilience - Willis Towers Watson · 2. Educate and develop a cyber-savvy...
Transcript of Cyber Risk: delivering resilience - Willis Towers Watson · 2. Educate and develop a cyber-savvy...
willistowerswatson.com
Cyber Risk: delivering resilience
Matt Palmer
20-21 June 2018
Life2018
© 2018 Will is Towers Watson. All rights reserved.
willistowerswatson.com
What we will cover
• The key changes in cyber threats and the impact on risk
• The current causes of security incidents
• The growing role of people and culture
• The increasing challenge of effective incident response
• How we can deliver enterprise resilience across people, capital and technology
© 2018 Will is Towers Watson. All rights reserved. 174
willistowerswatson.com
Sources: C-SPAN, Computing,Financial Times, Washington Post
Cyber Attack: Financial & Operational Impacts
© 2018 Will is Towers Watson. All rights reserved. 175
willistowerswatson.com
Willis Towers Watson and Economist Intelligence Unit Global StudyBuilding a cyber-resilient organization
A new study conducted by The Economist Intelligence Unit (EIU) and sponsored by Willis Towers Watson, aims to explore organizations’ effort to become cyber-resilient – and, in particular, how board oversight can enable this strategy. Early results include findings about:
TalentBreachesBudgets
96%
don’t think they spend enough on Cyber
of boards
1/3Approximately
have occurred …and will again
report severe breaches
report having a cyber-savvy workforce
50%Less than
© 2018 Will is Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 176
willistowerswatson.com
58%23%
10%
7%2%
Percentage of claims by breach typeEmployee negligence or malfeasance - e.g., accidental disclosures, lost or stolen device,rogue employeeRansomware / Hack
Social engineering resulting in data theft or funds transfer
Denial of service
6%11%
35%
4%6%
2%
8%
5%2%
12%
8%
Education Financial Institutions HealthcareHospitality Manufacturing Media/EntertainmentOther Professional Services Real EstateRetail Technology
Types of companies
Who gets breached and how?
© 2018 Will is Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 177
willistowerswatson.com
The people perspective
Source: Willis Towers Watson Cyber Risk Culture Survey; Gartner
How responses to cyber threat are changing
© 2018 Will is Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 178
willistowerswatson.com
Building organisational resilience
© 2018 Will is Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 179
willistowerswatson.com
Why capital mattersAre we spending enough, wisely enough?
© 2018 Will is Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 180
willistowerswatson.com
Technology Resilience & Incident Response
Cyber range
© 2018 Will is Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 181
willistowerswatson.com
1. Have a strategy which engages stakeholders and employees
2. Educate and develop a cyber-savvy workforce
3. Build a shared understanding between Risk, IT, IS, HR, Operations, Legal and Compliance
4. Quantify and communicate cyber risk in financial terms, not technical terms
5. Engage the board fully in incident readiness, not just through reporting
6. Assume the worst will happen, and run through all the possible scenarios to build a practical incident protocol
7. Practice what you preach, and be honest but clear when an incident occurs
8. Prepare, prepare, prepare!
Top tips for building enterprise cyber resilience
© 2018 Will is Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 182