Shahran Sayyed is a Geology graduate, who changed his career by pursuing a risk management course. Shahran pursued a career in risk management in India by completing the post-graduate diploma in risk management (PGDRM) course from GRMI. In the article below he writes about the ‘importance of risk management in cyber security. Shahram is currently working with Grant Thornton, in his opinion PGDRM is one of India’s best job-oriented courses. 

What is Cyber Risk?

The threat of potential disruption to the business or to a business reputation by a cyber-attack is called cyber risk. Organizations of any size of any industry are prone to attackers. Attackers generally are motivated for financial gain. These attackers gain confidential data so that the business operations can be easily disrupted. The process of identifying potential cyber risk is called cyber risk management.

Why is it important to manage Cyber Risk?

Cyber risk management is very important for today’s business with rapidly changing technology. Both small and large organizations need to understand that the current risks related to cyber can make the organization an important target for the attacker. Even the biggest organization with a large customer base could fall victim to an attack. Cyber-attack on an unprepared business could cause damage in terms of data loss, financial impact, brand reputation, and loss of morale among the employees. Preventing attacks just by installing anti-virus is no longer enough to prevent attacks. Anti-virus is just one aspect of risk management.

Organizations need to establish and implement a risk management strategy to mitigate the risks specific to their business and to eliminate cyber-attack threats. A cyber risk management strategy can help the decision-makers about the risks associated with it on a day to day operation level. An assessment related to cyber risk will help the business to establish the likelihood of any cyber-related attacks they are vulnerable to. A cyber risk management strategy can help the business to understand the key threats which can also help to spend money and time in the right places. This will also help in preventing the risks which were identified in the assessment.

The top reasons for implementing a cyber risk management strategy are:

1. Preventing attacks and mitigating cyber-attacks: Threats to the organization can be identified by implementing cyber risk management. Risks can be addressed properly and correct defenses can be put into place with the help of a risk treatment plan. This will help to reduce threats from cyber-attacks.
2. Costs reduction and protecting the revenue: Financial gain is the motive of many attackers. Due to this, any organization can be attacked. A cyber risk strategy can help to minimize risks and mitigate the loss of revenue by the organization. Even complying with regulations related to cyber risk will help the organization to avoid hefty fines for non-compliance.
3. Increase in business reputation: The trust of clients and customers can be increased by showing them that you take cybersecurity seriously which can give you a competitive edge. Prioritizing on customer’s or client’s data will help to gain their trust. This will result in increased loyalty from customers and long-term business success.

Many organizations are having weaknesses in their cybersecurity strategy. Failure to identify and mitigate risks is a common weakness in many organizations. Some organizations also fail to follow regulations and standards in the industry.

Organizations should comply with PCI: DSS compliance and GDPR. Organizations should develop a risk mitigation plan for cybersecurity based on the vulnerabilities identified. The weaknesses in an organization’s cybersecurity strategy can be addressed with a risk management plan. A cybersecurity strategy will help the organization to see which risks they need to address and which regulations they need to follow.

Contributed by Shahran Sayyed (PGDRM Jan’20)