A common language to understand digital risks will help to improve digital resilience – a new CRO Forum publication

As cybercrimes get costlier, the CRO Forum – under the lead of Swiss Re – brings out a new publication "Supporting on-going capture and sharing of digital event data" to help improve digital resilience.

Cybercrimes are costly and they are increasing in number and scope. The consulting firm Accenture together with the Ponemon Institute calculated that, on average, each company faces 130 successful security breaches – that's an increase of 27%. Ransomware attacks alone have doubled in frequency. And they are getting costlier: according to Juniper Research, by 2019, cybercrime is expected to cost businesses over USD 2 trillion, up from USD 500 million in 2015.

So it's no surprise that digital security awareness and resilience is one of the highest priority items on all agendas and an urgent need. But what does it actually mean and how can resilience be improved?

Limited and fragmented data

Companies and governments struggle with limited and fragmented data while trying to understand, mitigate and quantify risks from the increasing digital dependency. The lack of common data, of a common understanding of what digital resilience means and even of a language that enables different specialists to communicate, not only among each other but also with the wider public, complicates an already challenging topic.

Over the last few years, the CRO Forum has dedicated considerable time to the topic of digital resilience. Following the first publication in early 2015, "Cyber resilience: The cyber risk challenge and the role of insurance", a concept paper, "The CRO Forum Concept Paper on a proposed categorisation methodology for cyber risk", was published in 2016, and the Forum has just issued a new paper, "Supporting on-going capture and sharing of digital event data". The new publication sets out the findings of a trial the CRO Forum conducted within its membership, supported by ORX and ORIC International, to assess whether the taxonomy developed by the CRO Forum in 2016 could produce empirical descriptions of digital events that can be accumulated internally to provide insight on the effects of digital events. These insights are being shared externally to enable benchmarking and greater understanding of relative digital resilience.

The paper explores how the taxonomy evolved during the trial and can be developed further, by incorporating other taxonomies (particularly STIX and VERIS), to improve recognition of terms across specialisms, to fit with existing processes to capture events and to increase the value of data captured for different stakeholders. It also addresses some of the challenges around establishing a common language for digital event data.

Important step to a wider dialogue

"A common language for describing digital events is key to improving understanding of the risks posed by digital dependency and the ability to transfer cyber risks. The work of the CRO Forum is an industry-led example of how a common language can work and deliver real insights. The dialogue now needs to extend to other industries and regulators to enable the consistent collection and evaluation of digital event data to the benefit of all," says Patrick Raaflaub, CRO Swiss Re and Chairman of the CRO Forum. Swiss Re (Nick Kitching, Eric Durand and Dinesh Shah) led the CRO Forum work on this paper.

If you have questions relating to this publication or wish to contact members of the project group involved, please contact the CRO Forum.
