Risk management usually falls in the domain of the CFO. However, IT security often stays within the IT silo. This approach will not work long term; the CFO needs to take charge.
The CFO has to own IT security because:
- IT security involves protection of assets, liability exposures and regulatory compliance. This is more than a technical IT matter;
- It involves computer systems outside of the company, over which IT has no control;
- It involves managing the flows of liabilities in contracts;
- Cyber Risk insurance must be negotiated;
- Someone above the IT dept has to be concerned about the insider threat from the IT unit itself (the folks with the most access – often complete and absolute access).
LicataRisk Cyber Risk and Insurance Review
LicataRisk has been doing cyber risk evaluation and insurance negotiation since the beginning for all of our clients. This has been done for ongoing clients as part of total risk management.
Demand has come from non-clients for a cyber-only review and report, with recommendations for improving risk profile and insurance, and a plan for moving forward.
We now offer a Cyber Analysis and Report project which includes:
• Risk identification and quantification
• Review of cyber insurance program, with gap analysis and recommendations
• Review of cyber-related contracts, with report on risk assumption, and its coordination with the cyber liability insurance in the following areas:
– is risk which is assumed actually insured under current policies?
– do contract terms violate insurance promises and/or warranties?
• Loss control evaluation (at CFO level) with recommendation and referral to technical security experts if necessary and desired
Know where you stand and what you need to do to be better protected.