Although it’s quickly fading in the rearview mirror, the April 2018 RSA Conference underscored growing interest in a more disciplined style of cyber risk management that mirrors traditional business risk management.

There was plenty of buzz at the conference around blockchain, machine learning, cyber warfare — and the imminent implementation of the General Data Protection Regulation (GDPR). However, the major theme of the event centered around the management of cyber risks.

Speak the Language of Business Risk

For many IT security practitioners, cyber risk management is a double-edged sword. It stimulates greater educational opportunities to help security professionals translate technical jargon into the language of business risk, which the C-suite and board of directors can more easily understand. This increased attention can also unleash a cacophony of competing marketing messages from different vendors — further muddying the waters and creating more confusion.

The conference also highlighted the fact that security is indeed a board-level issue. The president of the RSA, Rohit Ghai, referenced a survey in his keynote which revealed that 89 percent of respondents from the National Association of Corporate Directors (NACD) said they discuss cybersecurity on a regular basis. (This is up from 40 percent in 2012.)

Ghai also touched on the important role of collaboration in managing cyber risks. These decisions must involve multiple stakeholders, including security practitioners, risk teams, policymakers, IT leaders and even users. In the high-stakes world of cybersecurity, top executives bear personal accountability for major data breaches.

Improve Risk Management to Defend Critical Data

The 2018 RSA Conference also saw a solid lineup of sessions and workshops designed to educate security professionals on how to get a better handle on cyber risks. What was the key takeaway from these sessions? Organizations must focus on finding and protecting their crown jewels. According to Ghai, that is the only asymmetric advantage that enterprises have.

It’s more important than ever to apply and appropriately disseminate formal risk management processes for evaluating information assets and the vulnerabilities that threaten to compromise them. If this information is not managed and presented to each level of management — up to and including the board of directors — there is no way to determine how much money to apply to make the proper decisions to combat high risk. For example, there’s no point in spending $100,000 to mitigate a potential $50,000 loss.

To identify and properly protect the enterprise’s crown jewels, the data risk management plan must include repeatable processes to identify those critical assets, understand the value they represent and describe how their associated risk should be managed. This strategy requires IT, lines of business and security teams to align in the way they prioritize these risks. By making risk the common language across those groups, organizations can more effectively assign accountability and ensure the security and privacy of the enterprise’s most critical data.

In the age of data sprawl, sophisticated and resourceful cyber adversaries — and the increasing cost of a data breach — risk management can be a highly effective weapon in the fight to protect enterprise assets.

Read the white paper: Data Risk Management in 2018 — What to Look for and How to Prepare

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today