Cyber Risk Case Study: A Scenario-Based Approach to Identifying and Mitigating Key Threats
Cybersecurity threats continue to expand in number and complexity, and an effective approach to managing them remains elusive.
Organizations are struggling to (a) prioritize among the myriad cyber risks; (b) make a business case for recommended mitigation; and (c) draw a rigorous, defensible line in the sand limiting the scope of cyber risk management. In this session, we begin with the current state of cybersecurity risks.
Then, we discuss how a value-based ERM approach uses deterministic scenarios and quantitative models to (a) sort out which cyber risk scenarios to focus on; (b) support mitigation decisions with robust risk-reward data; and (c) define a “cyber risk appetite” to contain the focus of cyber risk management to a manageable level. We will then share some early lessons from a case study that is starting to successfully apply this approach and enhance its cyber risk management, particularly around its use of vendors.
Attendees will learn:
- How to better prioritize among a disparate and growing set of cyber risks
- What data is used to make the business case for targeted cyber risk mitigation
- An approach to defining “cyber risk appetite”