The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.
Post on 26-Dec-2015
213 Views
Preview:
Transcript
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 1
The Financial Impact of Cyber Risk
50 Questions Every CFO Should Ask
ANSI Homeland Security Standards Panel (ANSI-HSSP)
October 2, 2008
3:00 to 4:15 PM
U.S. Chamber of Commerce
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 2
Presenters
• Moderator
– Ty R. Sagalow, President, American International Group (AIG)
Product Development, and Workshop Leader
• Panelists
– Michael Castagna, Chief Information Security Officer, U.S. Department of Commerce
– Larry Clinton, President, Internet Security Alliance (ISA)
– Harrison Oellrich, Managing Director, Guy Carpenter & Company, LLC
– Regan Adams, Former Assistant Privacy Counsel, Goldman Sachs
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 3
Agenda
• Background: Setting the Scene
• Development of an Action Guide to analyze, manage,
and transfer financial risk for cyber security
• Questions and Answers
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 4
BackgroundSetting the Scene
• Cyber security is vital to the economic well-being of the U.S.
• What does cyber security really mean?
– No standard definition, but one interpretation is the protection of any computer system, software program, and data against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional
– Cyber security attacks can come from internal networks, the Internet, or other private or public systems
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 5
Background (continued)
• Corporations use cyber systems for multiple purposes
– Real-time tracking of supply chains
– Inventory management
– Improvement of employee efficiency
– Generation of on-line commerce
• Twenty-five percent of America’s economic value –
up to $3 trillion a day – moves over network connections
each day
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 6
Background
• While corporations appreciate the benefits of the
Internet, they have often failed to properly account
for its financial risks
– 50% of Senior Executives said they did not know how much
money was lost due to an attack
– Congressional Research Service estimates that the economic
impact of cyber attacks on business has grown to over
$226 billion annually
– Total average cost of a data breach grew to approximately
$200 per record compromised in 2007
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 7
Background
• There is a substantial body of work dealing with the
technical standards of cyber security
• Plenty of attention paid to important technical issues,
such as data encryption and best-in-class security
technologies
• BUT...to date, there has not been any comprehensive
methodology for understanding and mitigating the
financial losses associated with cyber risk
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 8
Net Financial Risk Formula
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 9
What Are Some of the Costs?
• Failure of security can have costly consequences
– Civil and criminal lawsuits
– Lost trade secrets
– Breach of contract, breach of privacy
– Reputation damage
– Business interruption, lost income
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 10
Development of Financial Risk Action Guide
• To promote understanding of financial risk, the American
National Standards Institute’s (ANSI) Homeland Security
Standards Panel (HSSP) and the Internet Security
Alliance (ISA) launched a workshop
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 11
Development of Financial Risk Action Guide
• The Goal
– Create an Action Guide to analyze, manage, and transfer financial risk for Cyber Security
• The Team
– More than 30 industry leaders and governmental partners
• The key to understanding the financial risks of cyber security is to fully embrace its multi-disciplinary nature, covering many areas of a company
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 12
Resolve: Multidisciplinary Feed to CFO
• A CFO needs to know the key questions to ask to the
major stakeholders in all corporate domains, including:
– General Counsel
– Chief Risk Officer
– Chief Compliance Officer
– Chief Technology Officer
– Heads of Corporate Communications, Investor Relations,
and Customer Service
– Head of Human Resources
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 13
Time Table
• The Timetable
– First Workshop held in March 2008
– Draft Action Guide prepared by teams representing the
different disciplines
– Subsequent Workshops held in May and July
– Action Guide finalized in early August
– Publication is being released this month,
“National Cyber Awareness Month”
The Financial Impact of Cyber Security 50 Questions Every CFO Should AskA publication of the American National Standards Institute and the Internet Security Alliance Page 14
Action Guide: How to get it
The Financial Impact of Cyber Risk
50 Questions Every CFO Should Ask
Release date: October 20, 2008
Register in advance for a free electronic
copy of the document to be e-mailed to
you early that morning:
webstore.ansi.org/cybersecurity
top related