The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask - PowerPoint PPT Presentation

Loading...

PPT – The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask PowerPoint presentation | free to view - id: 1a133b-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask

Description:

Michael Castagna, Chief Information Security Officer, U.S. ... questions to ask to the major stakeholders in all corporate domains, including: General Counsel ... – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 15
Provided by: richard890
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask


1
The Financial Impact of Cyber Risk50 Questions
Every CFO Should Ask
  • ANSI Homeland Security Standards Panel
    (ANSI-HSSP)
  • October 2, 2008
  • 300 to 415 PM
  • U.S. Chamber of Commerce

2
Presenters
  • Moderator 
  • Ty R. Sagalow, President, American International
    Group (AIG) Product Development, and Workshop
    Leader
  • Panelists
  • Michael Castagna, Chief Information Security
    Officer, U.S. Department of Commerce
  • Larry Clinton, President, Internet Security
    Alliance (ISA)
  • Harrison Oellrich, Managing Director, Guy
    Carpenter Company, LLC
  • Regan Adams, Former Assistant Privacy Counsel,
    Goldman Sachs

3
Agenda
  • Background Setting the Scene
  • Development of an Action Guide to analyze,
    manage, and transfer financial risk for cyber
    security
  • Questions and Answers

4
BackgroundSetting the Scene
  • Cyber security is vital to the economic
    well-being of the U.S.
  • What does cyber security really mean?
  • No standard definition, but one interpretation is
    the protection of any computer system, software
    program, and data against unauthorized
    disclosure, transfer, modification, or
    destruction, whether accidental or intentional
  • Cyber security attacks can come from internal
    networks, the Internet, or other private or
    public systems

5
Background (continued)
  • Corporations use cyber systems for multiple
    purposes
  • Real-time tracking of supply chains
  • Inventory management
  • Improvement of employee efficiency
  • Generation of on-line commerce
  • Twenty-five percent of Americas economic value
    up to 3 trillion a day moves over network
    connections each day

6
Background
  • While corporations appreciate the benefits of the
    Internet, they have often failed to properly
    account for its financial risks
  • 50 of Senior Executives said they did not know
    how much money was lost due to an attack
  • Congressional Research Service estimates that the
    economic impact of cyber attacks on business has
    grown to over 226 billion annually
  • Total average cost of a data breach grew to
    approximately 200 per record compromised in 2007

7
Background
  • There is a substantial body of work dealing with
    the technical standards of cyber security
  • Plenty of attention paid to important technical
    issues, such as data encryption and best-in-class
    security technologies
  • BUT...to date, there has not been any
    comprehensive methodology for understanding and
    mitigating the financial losses associated with
    cyber risk

8
Net Financial Risk Formula
9
What Are Some of the Costs?
  • Failure of security can have costly consequences
  • Civil and criminal lawsuits
  • Lost trade secrets
  • Breach of contract, breach of privacy
  • Reputation damage
  • Business interruption, lost income

10
Development of Financial Risk Action Guide
  • To promote understanding of financial risk, the
    American National Standards Institutes (ANSI)
    Homeland Security Standards Panel (HSSP) and the
    Internet Security Alliance (ISA) launched a
    workshop

11
Development of Financial Risk Action Guide
  • The Goal
  • Create an Action Guide to analyze, manage, and
    transfer financial risk for Cyber Security
  • The Team
  • More than 30 industry leaders and governmental
    partners
  • The key to understanding the financial risks of
    cyber security is to fully embrace its
    multi-disciplinary nature, covering many areas of
    a company

12
Resolve Multidisciplinary Feed to CFO
  • A CFO needs to know the key questions to ask to
    the major stakeholders in all corporate domains,
    including
  • General Counsel
  • Chief Risk Officer
  • Chief Compliance Officer
  • Chief Technology Officer
  • Heads of Corporate Communications, Investor
    Relations, and Customer Service
  • Head of Human Resources

13
Time Table
  • The Timetable
  • First Workshop held in March 2008
  • Draft Action Guide prepared by teams representing
    the different disciplines
  • Subsequent Workshops held in May and July
  • Action Guide finalized in early August
  • Publication is being released this month,
    National Cyber Awareness Month

14
Action Guide How to get it
  • The Financial Impact of Cyber Risk50 Questions
    Every CFO Should Ask
  • Release date October 20, 2008
  • Register in advance for a free electronic copy of
    the document to be e-mailed to you early that
    morning webstore.ansi.org/cybersecurity
About PowerShow.com