This week, we speak to cyber risk specialist Phil Hodgins, accredited by the Institute for Risk Management, about the dangers that arise when online security risks are tackled by under-informed Boards.
‘Technology issues used to be appropriately dealt with by IT departments. Now with reliance on the Internet, on interconnectivity, on digitally stored information, cyber risk is a top-level business risk.’
Phil Hodgins holds an international certificate in risk management from the Institute for Risk Management. After working in IT start-ups he moved into government and is now back in the private sector advising Boards.
‘Boards are influenced by organisations whose only business is selling security technology, marketed by painting a picture of uncertainty and fear. Many Board members come from a financial background and are not technologically savvy. Telling them they need to buy something to solve the problem can be counterproductive. Some respond, “It’s just like Y2K 15 years ago. In reality the bad picture you paint is never going to happen.”’
Phil argues Boards need to be shown how to manage cyber risk in proportion to their situation and risk appetite.
‘For instance, within retail banking, threats are mostly theft of personal data. A mining company will have high value commodities and exploration information which could provide competitive advantage to another organisation or a State. Sony was hacked for political reasons.
‘One organisation may not want to invest much and sit in a reactive posture, with a team responding when cyber incidents arise. At the other end of the spectrum, some want an intelligence feed to see how particular threats are starting to manifest themselves and growing. They make real-time business decisions conferring competitive advantage.’
Phil takes a holistic professional approach. ‘There are people, process and technology elements to managing cyber risk. With all the technology in the world, without staff that can use it or are trained to know when something is not quite how it should be, you have an unbalanced solution.’
Professor Andy Friedman, CEO of PARN
First appeared in Newsweek, edn. 3 April 2015