Risk management, specifically enterprise-wide operational risk management, has come to the forefront of responsibilities for executive management and boards of directors. It is imperative that all stakeholders understand the emerging risks of e-business, the potential impacts of cyber-related loss to their business model, and the array of solutions necessary to adequately meet these risk management needs as they take shape. Today’s climate of rapid technological change, heightened regulatory scrutiny of technology risk, and legal uncertainties, along with the absence of standardized insurance products, makes it difficult for directors, officers, information security officers and risk managers to identify and close gaps in their institutions’ risk management and risk transfer programs.
Copyright BITS April 30, 2004. Reprinted with permission. All rights reserved.
Financial institutions must maintain a high level of trust and integrity in order for e-business to grow to the fullest extent possible while embracing new technologies. The trust of financial services customers derives from the integrity of the industry’s infrastructure and information technology practices. Security is a mission-critical element that underpins this trust proposition and is integral to brand reputation. Marrying information security tools with other risk management efforts can mitigate risk. Yet there is no way to be 100 percent secure; the complex cyber-landscape will create residual risk. As a risk transfer mechanism, insurance can play an essential role to further safeguard the organization, its customers and its shareholders from cyber-related loss and liability exposures.