Cyber Risk Getting Lost in Translation Warns Auriga
Poor communication of cyber risk adversely impacting board decisions.
London, United Kingdom, September 20, 2015 --(PR.com)-- Auriga Consulting Ltd (Auriga), the expert data, ICT and security consultancy, today warned that cyber risk continues to be poorly communicated to C-suite executives. The monopolisation of the risk management function by IT and security consultants and poor knowledge transference through the use of jargon, acronyms and buzzwords is frustrating efforts to move risk into the board room. This misinterpretation of risk is endangering the decision making process and ultimately future economic development. To counter this, Auriga recommends risk should be treated as a strategic dynamic process and a dialogue created and maintained with the board, with risk regularly assessed and the risk register adjusted accordingly.
Communication from the IT team to the board is essential in ensuring risk is understood, managed and acted upon effectively. According to a recent survey of large and medium sized businesses in the UK, board level ownership of cyber risk numbers just 19.4 percent, and only 16.6 percent place cyber risk in the top five on the risk register, despite the severity a realisation of cyber risk poses. To overcome obstacles in communication, risk needs to be:
· Couched in business terms that lay out risk as a strategy, with business impact analyses, projection forecasts and outcomes, and with repercussions explained;
· Referenced to people and processes within the organisation to provide a business context and not just a technological one;
· Appraised without self-censorship, such as the desire to protect existing processes or budgets, as a bias could affect the perception of risk;
· Supported by an education program which aims to improve the board’s cyber awareness now and in the long term.
In a recent interview with The Telegraph Business Leaders, Louise T. Dunne, Managing Director at Auriga, states: “There is a knowledge gap when it comes to translating cyber risk into business language for business leaders... but a third party can help bridge that gap. Developing an inhouse capability, looking at what you need, how you are going to deliver it and doing a sanity check to see if what they are delivering is appropriate and is going to provide you with the defense you need can take you away from your core business. And that’s where a third party comes in because they are focused on and offer undiluted risk management expertise enabling them to communicate threats relevant to your business.”
Jamal Elmellas, Technical Director at Auriga adds: “I have not met one business leader that isn’t highly educated and knowledgeable about risk management and the threat cyber poses to their businesses. It’s the specialists who lack the ability to translate cyber and its risks into business language that the leaders can understand and see value in. Translating cyber threats into corporate risk management and business enabling remediation is a skill set only few are able to achieve.”
To see the full interview with The Telegraph Business Leaders please go to: http://business-reporter.co.uk/video/finance/bridging-the-cyber-divide/
For further advice on communicating risk management to the board see: http://www.aurigaconsulting.com/management-systems.php
GCHQ also provides further guidance on Board Level Responsibility and how to adopt an enterprise-wide information risk management regime: https://www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility/10-steps-a-board-level-responsibility
About Auriga
Auriga Consulting Ltd (Auriga) is an expert consultancy specialising in Data Management, Information Assurance, Corporate Governance, Business Process Modelling, Analysis, ICT and Security. We advocate data as the most valuable part of your business and combine superior security and assurance knowledge with a wealth of business management consultancy and efficiency skills. Using a unique set of methodologies we embed security by overlaying it onto business process and analysing data.
Auriga is one of the most dynamic and versatile solutions providers in the marketplace today. We have worked on some of the most demanding projects in the UK for customers from the public and private sectors, advising upon security architecture and business processes, and leading the BSi’s largest audited UK organisation successfully through ISO 27001. To find out more, please go to www.aurigaconsulting.com or follow us on Twitter @AurigaConsult.
Communication from the IT team to the board is essential in ensuring risk is understood, managed and acted upon effectively. According to a recent survey of large and medium sized businesses in the UK, board level ownership of cyber risk numbers just 19.4 percent, and only 16.6 percent place cyber risk in the top five on the risk register, despite the severity a realisation of cyber risk poses. To overcome obstacles in communication, risk needs to be:
· Couched in business terms that lay out risk as a strategy, with business impact analyses, projection forecasts and outcomes, and with repercussions explained;
· Referenced to people and processes within the organisation to provide a business context and not just a technological one;
· Appraised without self-censorship, such as the desire to protect existing processes or budgets, as a bias could affect the perception of risk;
· Supported by an education program which aims to improve the board’s cyber awareness now and in the long term.
In a recent interview with The Telegraph Business Leaders, Louise T. Dunne, Managing Director at Auriga, states: “There is a knowledge gap when it comes to translating cyber risk into business language for business leaders... but a third party can help bridge that gap. Developing an inhouse capability, looking at what you need, how you are going to deliver it and doing a sanity check to see if what they are delivering is appropriate and is going to provide you with the defense you need can take you away from your core business. And that’s where a third party comes in because they are focused on and offer undiluted risk management expertise enabling them to communicate threats relevant to your business.”
Jamal Elmellas, Technical Director at Auriga adds: “I have not met one business leader that isn’t highly educated and knowledgeable about risk management and the threat cyber poses to their businesses. It’s the specialists who lack the ability to translate cyber and its risks into business language that the leaders can understand and see value in. Translating cyber threats into corporate risk management and business enabling remediation is a skill set only few are able to achieve.”
To see the full interview with The Telegraph Business Leaders please go to: http://business-reporter.co.uk/video/finance/bridging-the-cyber-divide/
For further advice on communicating risk management to the board see: http://www.aurigaconsulting.com/management-systems.php
GCHQ also provides further guidance on Board Level Responsibility and how to adopt an enterprise-wide information risk management regime: https://www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility/10-steps-a-board-level-responsibility
About Auriga
Auriga Consulting Ltd (Auriga) is an expert consultancy specialising in Data Management, Information Assurance, Corporate Governance, Business Process Modelling, Analysis, ICT and Security. We advocate data as the most valuable part of your business and combine superior security and assurance knowledge with a wealth of business management consultancy and efficiency skills. Using a unique set of methodologies we embed security by overlaying it onto business process and analysing data.
Auriga is one of the most dynamic and versatile solutions providers in the marketplace today. We have worked on some of the most demanding projects in the UK for customers from the public and private sectors, advising upon security architecture and business processes, and leading the BSi’s largest audited UK organisation successfully through ISO 27001. To find out more, please go to www.aurigaconsulting.com or follow us on Twitter @AurigaConsult.
Contact
Auriga
Sarah Bark
08456 809 837
www.aurigaconsulting.com
Sarah Bark
08456 809 837
www.aurigaconsulting.com
Contact
Categories