Cyber risk: IT and risk functions disagree on best approach, survey shows

Published on Sat, 04/11/2017 - 12:38

Airmic and Chubb to host workshop on how to bridge the gap


Risk managers and IT professionals are taking divergent approaches to managing cyber risk, leaving businesses exposed, according to research published by Chubb last month, the results of which will form the basis of an Airmic workshop on Thursday 16 November.

The survey of senior risk and IT managers from over 250 European businesses revealed a gulf between the two disciplines on key questions such as who should take responsibility for cyber, the severity of the risk, and how best to manage and mitigate the threat.

Book now: Cyber Risk - Where IT and risk management clash. 16th November 2017 10:00 - 13:00

Airmic has repeatedly called for greater collaboration between risk and IT functions to tackle one of the most challenging threats of our times: cyber risk. Starting that conversation, however, is not always easy.

Chubb is hosting an Airmic Academy session at the Devonshire Club, Devonshire Square, London, to explore the differences in perceived threats between risk managers and IT professionals, and to discuss ways of increasing collaboration, including how insurance can bridge the gap.

The Academy is open to all Airmic members. For more information and to book a place, register here.

For example, IT professionals are more likely to expect a severe cyber impact - evidence that not all organisations have reached a single view - while IT respondents also think more highly of their abilities to resolve matters than their counterparts.

“Both IT and risk professionals have a large stake in protecting the business but our research has demonstrated that there is little consensus between them on how best to mitigate cyber risks or even which department should take the lead in doing so,” commented Lauren Webb, London cyber underwriting manager at Chubb, who will be presenting at the joint Airmic-Chubb workshop Cyber Risk - Where IT and risk management clash (see box).

Cyber risk was once considered the domain of an organisation’s IT function, but is increasingly viewed as a crucial C-suite priority involving functions as diverse as risk, legal and HR. Ms Webb said that only by working more closely together can they provide genuinely effective strategies: “It is not solely for the risk manager to overcome the problem, just as it shouldn’t be left entirely to the IT team to tackle either. The key is better cross-departmental collaboration and an ERM approach to managing the risk.”

Lauren Webb - London cyber underwriting manager, Chubb