• Ciaran Hosty

Key Takeaways - Evolving Cyber Risk Profile - COVID-19 Calls



Following the emergence of COVID-19, ORIC International have convened weekly catch up calls for our member firms to share ‘live’ lessons and information on their responses to this major risk event. By sharing experiences and best practices in real time, participants have a unique opportunity to benchmark their firm’s response against their peers and be more resilient.


This week, the consortium discussed the 'Evolving Cyber Risk Profile' and our speakers included Michael Sicsic (Managing Director at Sicsic Advisory and former Head of General Insurance Supervision at the FCA), David Ferbrache (KPMG, Global Head of Cyber Futures) and Paul Greetham (M&G plc, Head of Technology Risk Oversight and Assurance). The top three takeaways from the session are as follows:


A live-test of resilience capabilities


Firms should be able to clearly articulate the various impacts across the their key activities, i.e. what potential harm is there to the customer if any and how will COVID-19 influence or delay major projects? Furthermore, firms should be able to consider the impacts to their risk profile from a change in working environment (i.e. work from home) and mitigation strategies as well as co-ordinate effectively with crisis management teams to produce the desired response.


Ruthless exploitation of COVID-19 support Firms and their respective employees should be aware of the emerging cyber threats, which may include phishing emails masquerading as government support on tax and benefits advice or trojanised coronavirus impact maps. These threats may increase a firm’s exposure to ransomware, CEO fraud and Office-365 credential theft amongst others.


Work from home implications on security risks


Firms should be aware of collaboration tool usage and restrictions, ensuring that only appropriate staff with appropriate credentials are permitted access to calls and communications that may involve discussions around sensitive information in order to reduce the risk of data leakage.


Should you like further information on the sessions we have held previously or if you are a senior manager, CRO, COO or Head of Risk in charge of your firm’s COVID-19 response, then please contact Chris Watson.

68 views

© 2020 by ORIC International

Operational Risk Consortium Limited is a company registered in England and Wales with Company Number 05510364

Its Registered Office is 107 Cheapside, London EC2V 6DN. VAT Registration No. 882 3901 09