The benefits of cyber risk governance – a Q&A with Jo Willaert
The FERMA Seminar is getting closer, so now seemed like the perfect time to catch up with FERMA President and Agfa-Gevaert’s Corporate Risk Manager, Jo Willaert, on the event’s focus on cyber.
Read our exclusive interview exploring the approaches and benefits of cyber governance and the current challenges in Europe.
Cyber risk is certainly a "hot topic" at the moment. Can you explain why governance of cyber risks should be at the heart of company thinking at this time?
Indeed, cyber risk is a hot topic. As recent attacks have demonstrated, it is an enterprise issue that affects strategic aspects of the board’s mandate and, as such, the management of cyber risk has become a corporate issue that should be reflected in the governance of the company. Cyber governance should be at the heart as it helps organisations to increase their resilience to a cyber event whilst creating value with digitalization opportunities.
Alongside this, a new global legal context has emerged with European cyber laws, a strict new cyber law in China, evolving US cyber laws and others. This has been coupled with the new IT security and legal requirements for organisations; however, all remain silent on the governance aspect of cybersecurity.
I suppose the key point here is that risk management readiness can only be achieved within a strong governance framework, and through a highly coordinated approach across all departments of an organisation.
What are the benefits of a cyber risk governance group?
I can best answer this by referring to the cyber risk governance model proposed by FERMA last year. The objective is to increase cyber resilience by addressing the challenges of cyber risk identification (what is your exposure?) and quantification within the organisation, in order to propose mitigation measures to the management.
The model argues for the creation of a cross-disciplinary group to propose new ways to manage cyber risks internally – i.e. a cyber risk governance group. By being cross-disciplinary, the group has the subject and organisational knowledge to identify the most harmful cyber risks for the organisation and list the suitable responses.
Such a group would build scenarios of critical exposures that are harmful to the company and credible from an IT point of view. Validated by both business and IT teams, the analysis of these scenarios would provide a basis for initiating a meaningful dialogue with the insurance sector.
Do we have practical examples of this type of approach being put into place and the benefits that it has delivered?
We do! Such cyber risk governance schemes are possible whether in the US or in Europe. Cybersecurity issues are global and shared similarly across regions.
This has already been done, as shown by the example of the American company Educational Testing Service (ETS). In fact, Julie Cain, Sr. Strategic Advisor, Information and Technology Risk Management at ETS, will be speaking at the on 9 October to present how ETS has put in place such a governance model to manage cyber risk at an enterprise-wide level.
In your role as FERMA President and Board Member of BELRIM, what do you see as the main challenges in Europe today and how will this year’s Seminar help Risk Managers be better prepared to manage them?
Cyber threats will remain at the forefront of business risk together with uncertain economic growth and, therefore, the sustainability of our organisations is at stake.
This year’s seminar has been designed to provide food for thought to risk managers and to help them acquire insights into these two most topical issues facing organisations today. The seminar will provide: knowledge from the academic and business contributions of our experts, case studies, concrete learning outcomes including toolboxes, practical tips and theoretical models, and more.
The FERMA Seminar is an essential date in the diary. What can attendees expect to gain?
The Seminar is FERMA’s flagship event of the year. It focusses on education by acting as an international platform for the exchange of knowledge, best practices and innovative approaches to risk management in Europe. The programme itself is short and intensive and focused on the 2 issues facing businesses today: cyber and sustainability - practical and interactive.
As well as the above, attendees can expect to gain contacts to build a valuable network with peers, an exceptional exchange of experiences, and a European perspective with topics discussed at international level.
Take a look at the attractive programme on offer including the first-hand experiences of Telefonica and Maersk at this year’s from 8-9th October in Antwerp.