Report - February 2022
Over the last two years, information security, including cyber risk, has consistently been at or close to the top spot in the ORX Top Risk Reviews.
There is no shortage of news regarding new cyberattacks that continue to increase in sophistication. These are executed by a wide range of potential actors looking to exploit vulnerabilities. The risk consumes a significant amount of board and management time.
Introduction to the study
Cyber continues to be a real challenge for risk managers
Discussions with the ORX Cyber community have highlighted how challenging the risk is to quantify, and therefore how difficult it is to determine an organisation’s risk exposure. This makes it tougher for organisational leaders to understand the risk and harder still to make decisions on control investment and action prioritisation.
Banks and insurers describe many contributing issues, including:
- A shortage of data and skills
- Impacts often being non-financial in nature
- The complexity of the risk
There are questions over whether traditional risk quantification techniques are appropriate and whether sufficient investment is being made to innovate.
As a result of the challenges presented by this significant risk, ORX Cyber subscribers asked us to focus on this topic. This report is the first step to help our subscribers understand and share current and leading practices and to help develop and enhance cyber risk quantification going forward.
The report is based on information collected from 30 banks and insurers through both a survey and roundtable discussions. It provides insights into current practice, outlines challenges and benefits, and summarises potential future direction for cyber risk quantification.
Disclaimer: ORX has prepared this resource with care and attention. ORX does not accept responsibility for any errors or omissions. ORX does not warrant the accuracy of the advice, statement or recommendations in this resource. ORX shall not be liable for any loss, expense, damage or claim arising from this resource. The content of this resource does not itself constitute a contractual agreement, and ORX accepts no obligation associated with this resource except as expressly agreed in writing. ©ORX 2023
Research Senior Manager - Cyber, ORX