Developing a common language to understand cyber risk - Swiss Re in the driver's seat

Hardly a day goes by without media reports of major cyberattacks in some form or another. According to ComputerWeekly, UK businesses, for example, reported a 22% jump in cyber-crimes during 2015, triggering losses of more than GBP 1 billion. The cyber threat is omnipresent. So it's not surprising that increasing concern around cyber risk continues to dominate discussions in nearly all forums across industries and public sectors.

Getting everyone on the same page

This massive headache for companies and governments is made worse by the limited and fragmented data they have to work with as they try to understand, mitigate and quantify cyber risks. A common language is needed that can help the different specialists communicate on cyber risk-related incidents in a way that is understood internally, recognised externally and provides information to help understand the risks and lessons to be learned. This need prompted the compilation of The CRO Forum Concept Paper on a proposed categorisation methodology for cyber risk. Swiss Re, led by Chief Risk Officer Patrick Raaflaub, played a leading role in the CRO Forum work on this paper. Says Raaflaub: "This project took almost 18 months to complete and I believe it represents a significant achievement given the complexity of bringing together the different views of so many stakeholders."

Compatibility with other standards

The paper sets out a methodology that was devised to be compatible with existing cyber incident reporting protocols of the IT and Risk Management communities. It also incorporates the standards for operational risk management reporting used by ORX and ORIC, which are platforms used to measure and manage operational risk through sharing risk intelligence. Finally, it reflects the work being done to help the emergence of cyber insurance as an effective risk mitigation tool.

Dialogue is all-important

The aim is to start a dialogue around the practicalities of a common cyber risk categorisation and the possibility of creating a shared cyber risk vocabulary. The paper encourages a dialogue that examines whether the methodology proposed can support the effective collection of useful data to enhance cyber risk management and improve cyber resilience.

"The CRO Forum welcomes feedback to explore whether the methodology can be developed to enable easy and cost-effective adoption by companies as part of their frameworks for promoting and enhancing cyber resilience," Raaflaub says. "The Forum has also been working with ORX and ORIC to understand whether the data captured can be shared to provide wider industry benchmarking. This is a vital effort and Swiss Re is proud to be part of it."
