Book review: Managing Cyber Risk

Managing cyber risk is the book for those looking to understand this new enterprise risk from a strategic perspective. The book was written by a cyber risk expert for managers and senior executives, although practitioners can also benefit from reading it. The book covers everything a senior stakeholder in an organisation needs to know to start  managing this increasing business risk.

The first part of the book introduces the challenge of cyber risk to organisations. The author did a great job introducing cyber risk, and the context surrounding it. As a practitioner, not in cyber risk but in cyber security and using security control frameworks to reduce risk exposure; I could not agree more with the author. Some of the frameworks practitioners are using are very large  and extend into other areas beyond the technical controls, these areas are supply chain, bookenterprise governance and IT risk among others. They are all equally important and add up towards the total cyber risk to an organisation; however, this is still not widely understood by organisations. Risk reduction efforts continues to be a tool acquisition exercise; being the main factor the lack of senior executive understanding of  cyber risk and its impacts to their businesses. Cyber risk is a business risk, and as such, it has to be integrated in the wider enterprise risk program and not be treated in isolation as an information technology problem.

The second part of the book presents a series of items, which are part of a cyber risk tool kit, for an effective cyber risk management program in the organisation. Each area is presented at a high level, and it covers the importance of adopting that particular practice to effectively reduce risk to the business.

The message transmitted in this book is twofold and extremely compelling for the organisation’s senior leadership.

  • Cyber claims against directors and officers are rising year on year; thus the importance to understand and act upon this new risk to the enterprise.
  • Cyber risk quantification is paramount to involve the organisation’s senior leadership and calculate the right amount of cyber insurance needed by the organisation.

Many of the subjects presented in this book are likely not new for the cyber security professional; however, it presents the cyber security challenge faced by organisations from a business perspective; thus the cyber security conversation at the technology level becomes a cyber risk conversation at the business level.

I recommend this book for all the cyber and risk professionals but specially for the technical professional interested in understanding how cyber security is measured at the business level.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s