Boards and executives are taking cyber risk seriously now – and they’re looking to CROs to lead the charge. In 2017, C-suite executives resigned over cyber events that brought storms of investigations, litigation, scrutiny, and massive profit losses. In 2018, CEOs will empower risk managers to take centre stage in confronting cyber threat, says Stroz Friedberg, an Aon company.
Cyber risks are getting more dangerous by the day and senior stakeholders are only just beginning to understand the sheer magnitude of the threats. “Once the C-suite, the directors, and the officers realised that their positions could be at risk because of a breach, cyber risk suddenly got a lot more attention,” says Shannan Fort, cyber product development leader at Aon. “When they read about how their peers are having to resign from positions or when there are investigations into organisations around their cyber preparedness that’s requiring [their] input, then it becomes a much more tangible and real issue from the top-down.”
Key factors driving the current cyber crisis:
[2018 Cybersecurity Predictions]
Cyber security spending in 2017 was up 7% from previous years, totalling US$86.4bn, yet the area of cyber risk was still largely relegated to the IT department. Stroz Friedberg predicts a turnaround in 2018 as businesses react to the enterprise-wide, impacts of cyber attacks.
Acting as the primary point of coordination between stakeholders, CROs find themselves at the perfect location within an organisation to take on the challenges. They will increasingly move out of the risk management silo and into the C-suite. “Because [CROs] are touching so many different elements of the business, they’re able to see [cyber risk] from an enterprise perspective,” says Fort. “They’re well-positioned to understand the level of risk the company can take on in any particular [department] and every level by talking to the stakeholders in IT, HR, or the finance department."