Although it’s quickly fading in the rearview mirror, the April 2018 RSA Conference underscored growing interest in a more disciplined style of cyber risk management that mirrors traditional business risk management.

There was plenty of buzz at the conference around blockchain, machine learning, cyber warfare — and the imminent implementation of the General Data Protection Regulation (GDPR). However, the major theme of the event centered around the management of cyber risks.

Speak the Language of Business Risk

For many IT security practitioners, cyber risk management is a double-edged sword. It stimulates greater educational opportunities to help security professionals translate technical jargon into the language of business risk, which the C-suite and board of directors can more easily understand. This increased attention can also unleash a cacophony of competing marketing messages from different vendors — further muddying the waters and creating more confusion.

The conference also highlighted the fact that security is indeed a board-level issue. The president of the RSA, Rohit Ghai, referenced a survey in his keynote which revealed that 89 percent of respondents from the National Association of Corporate Directors (NACD) said they discuss cybersecurity on a regular basis. (This is up from 40 percent in 2012.)

Ghai also touched on the important role of collaboration in managing cyber risks. These decisions must involve multiple stakeholders, including security practitioners, risk teams, policymakers, IT leaders and even users. In the high-stakes world of cybersecurity, top executives bear personal accountability for major data breaches.

Improve Risk Management to Defend Critical Data

The 2018 RSA Conference also saw a solid lineup of sessions and workshops designed to educate security professionals on how to get a better handle on cyber risks. What was the key takeaway from these sessions? Organizations must focus on finding and protecting their crown jewels. According to Ghai, that is the only asymmetric advantage that enterprises have.

It’s more important than ever to apply and appropriately disseminate formal risk management processes for evaluating information assets and the vulnerabilities that threaten to compromise them. If this information is not managed and presented to each level of management — up to and including the board of directors — there is no way to determine how much money to apply to make the proper decisions to combat high risk. For example, there’s no point in spending $100,000 to mitigate a potential $50,000 loss.

To identify and properly protect the enterprise’s crown jewels, the data risk management plan must include repeatable processes to identify those critical assets, understand the value they represent and describe how their associated risk should be managed. This strategy requires IT, lines of business and security teams to align in the way they prioritize these risks. By making risk the common language across those groups, organizations can more effectively assign accountability and ensure the security and privacy of the enterprise’s most critical data.

In the age of data sprawl, sophisticated and resourceful cyber adversaries — and the increasing cost of a data breach — risk management can be a highly effective weapon in the fight to protect enterprise assets.

Read the white paper: Data Risk Management in 2018 — What to Look for and How to Prepare

More from Data Protection

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Cost of data breaches: The business case for security AI and automation

3 min read - As Yogi Berra said, “It’s déjà vu all over again.” If the idea of the global average costs of data breaches rising year over year feels like more of the same, that's because it is. Data protection solutions get better, but so do threat actors. The other broken record is the underuse or misuse of technologies that can help safeguard data, such as artificial intelligence and automation.IBM’s 2024 Cost of a Data Breach (CODB) Report studied 604 organizations across 17…

Cost of a data breach: The industrial sector

2 min read - Industrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement.According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.These figures place the industrial sector in third place for breach costs among the 17 industries studied. On average, data breaches cost industrial…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today