cyber risk the new business risk
play

Cyber Risk: the New Business Risk Current and Future Regulatory - PowerPoint PPT Presentation

Aug 17, 2022 •176 likes •407 views

Cyber Risk: the New Business Risk Current and Future Regulatory Expectations Presented By: Thomas G. Hinkel CISA, CCSA, CRISC, CCSA, CBCP VP Compliance Services Safe Systems, Inc. tom.hinkel@safesystems.com Safe Systems The Compliance

  1. Cyber Risk: the New Business Risk Current and Future Regulatory Expectations Presented By: Thomas G. Hinkel CISA, CCSA, CRISC, CCSA, CBCP VP – Compliance Services Safe Systems, Inc. tom.hinkel@safesystems.com Safe Systems The Compliance & Technology Partner for Financial Institutions

  2. Agenda • Size, Scope, and Spending • Regulatory History & Recent Regulations (Inc. CAT) • Current Threat Environment • Best Cyber Controls • Next Steps Safe Systems The Compliance & Technology Partner for Financial Institutions

  3. FDIC Cybersecurity Awareness Webinar Safe Systems The Compliance & Technology Partner for Financial Institutions

  4. FFIEC “… cyber threats [are] perhaps the foremost risk facing banks today … [and] represents one of the major, if not the major, risk facing banks today.” (Thomas J. Curry, Remarks at New England Council, Jul. 24, 2015) Safe Systems The Compliance & Technology Partner for Financial Institutions

  5. Safe Systems The Compliance & Technology Partner for Financial Institutions

  6. FFIEC “ A bank should evaluate and manage cyber risk as it does any other business risk. It is not simply the obligation of those employees in the server room, but rather an enterprise-wide initiative involving all employees .” - FFIEC Safe Systems The Compliance & Technology Partner for Financial Institutions

  7. FI Cybersecurity Spending Wells Fargo currently spends $250M. Citigroup annual budget - $300M. J.P. Morgan Chase to double spending in 2016 to $500M. BoA will spend $400M this year (2015), but could be more. “…the only place in the company that doesn’t have a budget constraint is cybersecurity.” – CEO Brian Moynihan Safe Systems The Compliance & Technology Partner for Financial Institutions

  8. How Ready Are Banks For The Rapidly Rising Threat Of Cyberattack? • “Despite the many positives that technology brings to the global banking industry, it also comes with a host of challenges. At or near the top of the list, in Standard & Poor's Ratings Services' opinion, is cybersecurity .” • “…we view weak cybersecurity as an emerging risk that has a potential to result in a negative rating actions. If we were to believe that a bank is ill-prepared to withstand a cyberattack, we could downgrade the bank before an actual attack .” Safe Systems The Compliance & Technology Partner for Financial Institutions

  9. Cyber Insurance Check for the following coverage: • IT equipment and facilities: Damage to the information assets and technology throughout the institution. • Media reconstruction • Extra expense: The extra costs of continuing operations • E-banking activities • Business interruption • Valuable papers and records: Cost to restore or replace papers and records • Errors and omissions Understand Exclusions and Limitations Safe Systems The Compliance & Technology Partner for Financial Institutions

  10. Regulatory History February 2013 - May 7, 2014 – FDIC President signs presents webinar to Executive Order ~6,500 FI CEO’s and February 6, 2015 – February 1, 2016 – “Improving Critical senior managers. November 10, 2015 – FFIEC Releases June 30, 2015 - FFIEC FDIC Supervisory Infrastructure “ Executive Leadership FFIEC updates Appendix J to BCP Releases Cybersecurity Insights publishes “A Cybersecurity,” and of Cybersecurity: Management Handbook addressing Assessment Tool Framework for Presidential Policy What Today's CEOs Handbook Cyber Resiliance Cybersecurity” Directive “Critical Need to Know About Infrastructure Security the Threats They Don't and Resilience.” See.” Safe Systems The Compliance & Technology Partner for Financial Institutions

  11. Current Threat Environment Malware – Malicious software • Often delivered via email (phishing, spear phishing) generally used to gain access to or to damage a computer or • Examples include Ransomware system. Distributed Denial of Service (DDoS) - Attack attempts to make a machine or network connected • Cannot be prevented to the Internet unavailable to its intended users. • DDoS attacks to distract a target organization while Compound Attacks – More than perpetrating another form of attack. one method of attack is deployed simultaneously. • Simultaneous attacks on the Bank and their core processor. Safe Systems The Compliance & Technology Partner for Financial Institutions

  12. FFIEC Cybersecurity Assessment Tool Inherent Risk Profile  Technologies and Connection Types  Delivery Channels  Online/Mobile Products and Technology Services  Organizational Characteristics  External Threats Safe Systems The Compliance & Technology Partner for Financial Institutions

  13. FFIEC Cybersecurity Assessment Tool Cybersecurity Maturity  Cyber Risk Management and Oversight  Threat Intelligence and Collaboration  Cybersecurity Controls  External Dependency Management  Cyber Incident Management and Resilience Safe Systems The Compliance & Technology Partner for Financial Institutions

  14. Cybersecurity Management & Oversight “The Assessment results should be communicated to the chief executive officer (CEO) and Board.” -FFIEC Safe Systems The Compliance & Technology Partner for Financial Institutions

  15. Cybersecurity Cycle Safe Systems The Compliance & Technology Partner for Financial Institutions

  16. Cyber Controls • Threat Intelligence • Security Awareness Training Employees – Entry level to  Board. Make it role specific. Contractors  Customers  Merchants  Third-parties  • Patch Management Programs Safe Systems The Compliance & Technology Partner for Financial Institutions

  17. Summary - Final Thoughts - Employees are a weak link. Train, test, retrain, retest, repeat. Customers are a weak link. Awareness training, outreach. Outsourced relationships are a weak link. • Due diligence, contracts, & ongoing oversight (SOC reports) are key. • Focus on detective and corrective/responsive controls. Safe Systems The Compliance & Technology Partner for Financial Institutions

  18. Summary - Final Thoughts - Don’t Update and test overemphasize your incident preventive response plan. controls, focus on detective and Don’t forget responsive / third-parties. corrective. Information “Self - sharing is assessments” important, but are increasingly most is just important. noise. • Challenge is converting noise into actionable intelligence. Safe Systems The Compliance & Technology Partner for Financial Institutions

  19. Final Thoughts Cyber risk is a substantial business risk. A bank’s board and senior management must understand the seriousness of the threat environment and create a cybersecurity culture throughout the organization. - FDIC Safe Systems The Compliance & Technology Partner for Financial Institutions

  20. Final Thoughts The effective identification and mitigation of cyber risk must be grounded in a strong governance structure with the full support of the board and senior management. - FDIC Safe Systems The Compliance & Technology Partner for Financial Institutions

  21. Keeping Informed - Additional Resources - • www.safesystems.com/cybersecurity/ • www.complianceguru.com • www.safesystems.com/ECAT/ • FFIEC Cybersecurity Awareness http://ffiec.gov/cybersecurity.htm • FDIC Cyber Challenge: A Community Bank Cyber Exercise https://www.fdic.gov/regulations/resources/directo r/technical/cyber/purpose.html Safe Systems The Compliance & Technology Partner for Financial Institutions

  22. Thomas G. Hinkel CISA, CRISC, CCSA, CRMA, CBCP VP – Compliance Services Safe Systems, Inc. tom.hinkel@safesystems.com www.safesystems.com www.complianceguru.com Safe Systems The Compliance & Technology Partner for Financial Institutions

Recommend

Managing Cyber Risk for State Governments IU Cybersecurity Risk Management Program

Managing Cyber Risk for State Governments IU Cybersecurity Risk Management Program

Managing Cyber Risk for State Governments IU Cybersecurity Risk Management Program Multidisciplinary (Law, Secure Computing, & Business) Built on IUs Cybersecurity Certificates Applied Cybersecurity Risk Management Capstone

1.22k views • 75 slides
Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management

Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management

Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management Association Date: August 18, 2016 Agenda An Overview of Cyber Risk Exposures 1. Legal & Regulatory Trends 2. Marshs Cyber Risk Management

649 views • 31 slides
Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk

Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk

Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk Challenges in Assessing and Mitigating Cyber Risk Mustaque Ahamad, Saby Mitra and Paul Royal Georgia Tech Information Security Center Georgia Tech

763 views • 16 slides
Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics

Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics

Introduction Systemic Risk Cyber as systemic Conclusion Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics www.systemicrisk.ac.uk June 10 th 2016 Introduction Systemic Risk Cyber as systemic

351 views • 24 slides
Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to

Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to

Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to prepare for Cyber Risk: 3 2 1 Understand the tech & Cyber insurance Focus on company interconnected risks culture 2 Policy: Protection &

774 views • 18 slides
Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

FREE Lifelong Learning Event for Fasset Members Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk assessment control matrix management process Governance Risk appetite Agenda for and risk Risk

1.28k views • 105 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Risk How to assess risk? Javier Estrada No universal agreement about it IESE Business

Risk How to assess risk? Javier Estrada No universal agreement about it IESE Business

Emerging Markets (II): Risk Javier Estrada ADFIN Winter/2014 1. Risk in EMs Introductory issues Wrong focus and implications Political risk: Assessment and incorporation 2. Where to Account for Risk? Possibilities

637 views • 10 slides
Business Strategy Risk Assessment Risk Assessment Nikolaos Karanasios Assistant Professor CEO

Business Strategy Risk Assessment Risk Assessment Nikolaos Karanasios Assistant Professor CEO

Business Strategy Risk Assessment Risk Assessment Nikolaos Karanasios Assistant Professor CEO of the Serres Business & Innovation Centre 05 Risk concept Risk concept Definitions Risk types Risk origin Risk calculation

282 views • 12 slides
Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cambridge Centre for Risk Studies Advisory Board Research Showcase 24 January 2017 Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies Largest Cyber Data Exfiltration Event: Yahoo August 2013

296 views • 18 slides
Assessing your Cyber Risk A Real Life Case Study Presented by: Liz Limjuco, Marsh Mike Paulino,

Assessing your Cyber Risk A Real Life Case Study Presented by: Liz Limjuco, Marsh Mike Paulino,

Assessing your Cyber Risk A Real Life Case Study Presented by: Liz Limjuco, Marsh Mike Paulino, CSG International Cindy Stevens, Colorado Springs Utilities Agenda What is Cyber Insurance Overview of Cyber Risk Quantifying Cyber

508 views • 23 slides
Cyber Risk Insurance or loss of information from, IT systems and networks. 1. Do I need it? As

Cyber Risk Insurance or loss of information from, IT systems and networks. 1. Do I need it? As

Cyber insurance covers the losses relating to damage to, Cyber Risk Insurance or loss of information from, IT systems and networks. 1. Do I need it? As a business of any size, it is likely you will rely on information technology (IT)

253 views • 6 slides
Risk Assessment Reduce the workers and Biosafety is an inexact science, and

Risk Assessment Reduce the workers and Biosafety is an inexact science, and

Risk Analysis Biosafety Risk assessment, Risk Risk analysis encom passes Management & risk risk assessm ent, risk communication m anagem ent, and risk com m unication. Ephy Khaemba International Livestock Research Institute

506 views • 11 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Risk Trends: Q1 2017 Sponsored By: Cyber Risk Trends: Q1 2017 Visit www.advisenltd.com at

Cyber Risk Trends: Q1 2017 Sponsored By: Cyber Risk Trends: Q1 2017 Visit www.advisenltd.com at

Cyber Risk Trends: Q1 2017 Sponsored By: Cyber Risk Trends: Q1 2017 Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of todays webinar Many Thanks to our Sponsor! About Advisen Advisen

530 views • 39 slides
PREDICTIVE MODELING CONFERENCE Data Workshop Cyber Risk Models Loss Aggregation Models

PREDICTIVE MODELING CONFERENCE Data Workshop Cyber Risk Models Loss Aggregation Models

PREDICTIVE MODELING CONFERENCE Data Workshop Cyber Risk Models Loss Aggregation Models Advisens Data Assets CYBER RISK MODELS Cyber Case Count over Time Cyber Cases Entered per Day Case Type Composition Total : 21,817 Distribution

967 views • 51 slides
Risk Mitigation Services in Cyber Insurance Underwriting Sponsored By: 1 Risk Mitigation

Risk Mitigation Services in Cyber Insurance Underwriting Sponsored By: 1 Risk Mitigation

Risk Mitigation Services in Cyber Insurance Underwriting Sponsored By: 1 Risk Mitigation Services in Cyber Insurance Underwriting www.advisenltd.com Paper Beware the Botnets: Botnets Correlated to a Higher Likelihood of a Significant

671 views • 22 slides
Means Business Addressing Your Organizations Risk Assessing Climate Risk at Your Business

Means Business Addressing Your Organizations Risk Assessing Climate Risk at Your Business

Climate Change Means Business Addressing Your Organizations Risk Assessing Climate Risk at Your Business Areas of Business Impacted Operations Safety Equipment Supply Chain Buildings Pittsburgh Region Climate Impacts Temperature

1.12k views • 14 slides
Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan , Senior Healthcare Risk Management and

Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan , Senior Healthcare Risk Management and

Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan , Senior Healthcare Risk Management and Data Specialist James Penafiel , Underwriting Supervisor, Insurance Operations PARTNERING TO CREATE THE SAFEST HEALTHCARE SYSTEM CFPC Conflict of

498 views • 33 slides
What do we know? What can we measure? Martin Eling OECD Expert Workshop, May 13, 2017

What do we know? What can we measure? Martin Eling OECD Expert Workshop, May 13, 2017

Cyber Risk and Cyber Risk Insurance: What do we know? What can we measure? Martin Eling OECD Expert Workshop, May 13, 2017 Management Summary Research Approach: Overview of the main research topics in the fields of cyber risk and

579 views • 12 slides
Cyber Insurance: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks

Cyber Insurance: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks

AUGUST 25, 2015 Cyber Insurance: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks Tyler Gerking, Partner David B. Smith, CPCU, ARM, Insurance & Risk Management Consultant What is Cyber Insurance?

368 views • 10 slides
Risk Alert or Risk Averse for Business Sustainability Business Sustainability G. Simpson, FCII

Risk Alert or Risk Averse for Business Sustainability Business Sustainability G. Simpson, FCII

Risk Alert or Risk Averse for Business Sustainability Business Sustainability G. Simpson, FCII Agenda Perspectives on Risk Emerging Trends on Risk Management RM and Sustainability Everything Matters Everything Matters

438 views • 31 slides
Cyber Risk Trends: 2016 Year in Review Webinar: Tuesday, January 24 @ 11am EST What was trending

Cyber Risk Trends: 2016 Year in Review Webinar: Tuesday, January 24 @ 11am EST What was trending

Cyber Risk Trends: 2016 Year in Review Webinar: Tuesday, January 24 @ 11am EST What was trending in cyber risk in 2016? What are the implications as we look to 2017? Cyber Risk Trends: 2016 Year in Review Visit www.advisenltd.com at the end

399 views • 21 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides

More recommend