Guide - February 2023
Cyber risk is a crucial part of many financial organisations' operational risk scenario programmes. But how should firms manage these programmes and what are the common objectives?
Download a free summary of this resource, A Guide to Managing Cyber Risk Scenarios, from ORX Cyber for insights into:
- How cyber scenario programmes are managed
- What's included in the cyber scenarios
- Key challenges for cyber scenario development
- How to solve these challenges
About the guide
This guide was created in response to a high level of interest in this topic from the ORX Cyber Community. Twenty-seven financial organisations from around the globe took part in a study, completing a survey and taking part in group discussions on the topic.
Using this information, we created a resource to support our community in managing cyber risk scenarios. The full report, detailing all the findings, is available to all ORX Cyber subscribers. If you don't subscribe, then you can download a free short guide to find out more about managing cyber risk scenarios.
SMEs key to cyber risk scenarios
Financial institutions' focus on cyber risk scenario programmes reflects the prominence of information security and cyber risk across the industry. Our study showed that a vital component to a successful cyber scenario is subject matter experts (SMEs). SMEs add context, depth and breadth to data sets. In turn, driving the selection and development of storylines, estimating input values, and validating decisions taken at all stages of the cyber scenario programme.
Cyber quantification is not yet mature
The study also showed that cyber quantification techniques are not yet fully mature. Many of the participating organisations said they are looking to introduce quantification techniques soon. However, they have typically not yet defined how this will be achieved. Even if quantification techniques are introduced, the reliance on SMEs is likely to remain.
People, process and data are the biggest challenges
The survey results highlighted several challenges that are being faced by organisations when developing their cyber scenarios. These can be categorised into three main areas – people, process and data.
In the people category, SME availability and skills are key issues. The process challenges include a lack of quantification methods, while the availability and accessibility of internal and external data were identified as barriers in the data category.
Gated content stop
Head of Services, ORX