Although it’s quickly fading in the rearview mirror, the April 2018 RSA Conference underscored growing interest in a more disciplined style of cyber risk management that mirrors traditional business risk management.

There was plenty of buzz at the conference around blockchain, machine learning, cyber warfare — and the imminent implementation of the General Data Protection Regulation (GDPR). However, the major theme of the event centered around the management of cyber risks.

Speak the Language of Business Risk

For many IT security practitioners, cyber risk management is a double-edged sword. It stimulates greater educational opportunities to help security professionals translate technical jargon into the language of business risk, which the C-suite and board of directors can more easily understand. This increased attention can also unleash a cacophony of competing marketing messages from different vendors — further muddying the waters and creating more confusion.

The conference also highlighted the fact that security is indeed a board-level issue. The president of the RSA, Rohit Ghai, referenced a survey in his keynote which revealed that 89 percent of respondents from the National Association of Corporate Directors (NACD) said they discuss cybersecurity on a regular basis. (This is up from 40 percent in 2012.)

Ghai also touched on the important role of collaboration in managing cyber risks. These decisions must involve multiple stakeholders, including security practitioners, risk teams, policymakers, IT leaders and even users. In the high-stakes world of cybersecurity, top executives bear personal accountability for major data breaches.

Improve Risk Management to Defend Critical Data

The 2018 RSA Conference also saw a solid lineup of sessions and workshops designed to educate security professionals on how to get a better handle on cyber risks. What was the key takeaway from these sessions? Organizations must focus on finding and protecting their crown jewels. According to Ghai, that is the only asymmetric advantage that enterprises have.

It’s more important than ever to apply and appropriately disseminate formal risk management processes for evaluating information assets and the vulnerabilities that threaten to compromise them. If this information is not managed and presented to each level of management — up to and including the board of directors — there is no way to determine how much money to apply to make the proper decisions to combat high risk. For example, there’s no point in spending $100,000 to mitigate a potential $50,000 loss.

To identify and properly protect the enterprise’s crown jewels, the data risk management plan must include repeatable processes to identify those critical assets, understand the value they represent and describe how their associated risk should be managed. This strategy requires IT, lines of business and security teams to align in the way they prioritize these risks. By making risk the common language across those groups, organizations can more effectively assign accountability and ensure the security and privacy of the enterprise’s most critical data.

In the age of data sprawl, sophisticated and resourceful cyber adversaries — and the increasing cost of a data breach — risk management can be a highly effective weapon in the fight to protect enterprise assets.

Read the white paper: Data Risk Management in 2018 — What to Look for and How to Prepare

More from Data Protection

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today