Key Takeaways - Evolving Cyber Risk Profile - COVID-19 Calls
Following the emergence of COVID-19, ORIC International have convened weekly catch up calls for our member firms to share ‘live’ lessons and information on their responses to this major risk event. By sharing experiences and best practices in real time, participants have a unique opportunity to benchmark their firm’s response against their peers and be more resilient.
This week, the consortium discussed the 'Evolving Cyber Risk Profile' and our speakers included Michael Sicsic (Managing Director at Sicsic Advisory and former Head of General Insurance Supervision at the FCA), David Ferbrache (KPMG, Global Head of Cyber Futures) and Paul Greetham (M&G plc, Head of Technology Risk Oversight and Assurance). The top three takeaways from the session are as follows:
A live-test of resilience capabilities
Firms should be able to clearly articulate the various impacts across the their key activities, i.e. what potential harm is there to the customer if any and how will COVID-19 influence or delay major projects? Furthermore, firms should be able to consider the impacts to their risk profile from a change in working environment (i.e. work from home) and mitigation strategies as well as co-ordinate effectively with crisis management teams to produce the desired response.
Ruthless exploitation of COVID-19 support Firms and their respective employees should be aware of the emerging cyber threats, which may include phishing emails masquerading as government support on tax and benefits advice or trojanised coronavirus impact maps. These threats may increase a firm’s exposure to ransomware, CEO fraud and Office-365 credential theft amongst others.
Work from home implications on security risks
Firms should be aware of collaboration tool usage and restrictions, ensuring that only appropriate staff with appropriate credentials are permitted access to calls and communications that may involve discussions around sensitive information in order to reduce the risk of data leakage.
Should you like further information on the sessions we have held previously or if you are a senior manager, CRO, COO or Head of Risk in charge of your firm’s COVID-19 response, then please contact Chris Watson.