Report - February 2021
As part of ORX’s work on cyber and information security risk (CISR), our members identified controls and indicators as a key area of challenge and were keen to gain a deeper understanding and carry out peer benchmarking.
To address this, we launched the CISR Controls and Indicators Library, collecting and analysing cyber-related controls and indicators in operation, as well as the external control standards supporting cyber and information security management activities. The library has now developed into the ORX Cyber Controls & Indicator Benchmark.
Over the course of 2020, our members have shared information on the cyber-related controls and indicators they operate as part of their day-to-day risk management. In total, 28 banks and insurers contributed towards the development of the ORX CISR Controls and Indicators Library.
We carried out a review of the 2020 library submissions and have produced a report detailing our findings which is available for all ORX members to download.
Gated content stop
About the ORX Cyber Controls and Indicators Benchmark
The ORX Cyber controls benchmark is based on the NIST framework, while the indicators benchmark is ORX’s bespoke list of cyber-related indicators in operation in the industry. It has been aligned to NIST framework functions to ensure consistency of reporting and support a more holistic view of cyber risk management.
Disclaimer: ORX has prepared this resource with care and attention. ORX does not accept responsibility for any errors or omissions. ORX does not warrant the accuracy of the advice, statement or recommendations in this resource. ORX shall not be liable for any loss, expense, damage or claim arising from this resource. The content of this resource does not itself constitute a contractual agreement, and ORX accepts no obligation associated with this resource except as expressly agreed in writing. ©ORX 2023
Head of Services, ORX