The importance of defining and achieving an optimal and unique “cyber-defensible position” for your organization.
Given the rising scrutiny from both regulators and the public, an ineffective cyber security strategy can cause unprecedented damage to an organization. Boards and company executives need to be prepared to defend their cyber security position, which involves a full understanding of the context they are operating in, the assets they are trying to protect, and their ability to protect them.
What is it that allows one organization to avoid the fallout of a cyber-attack while another suffers brand damage?
It is the ability to identify, achieve and maintain an appropriate cyber-defensible position. More than simply a set of cyber controls and governance frameworks, a cyber-defensible position is about ensuring that Risk Committees, Boards and executives are taking a holistic view and the appropriate measures to manage cyber risk.
In this article, we look at the 3-step methodology for organizations to define their own cyber-defensible position, and the positive implications that a successfully established position can bring.
We also introduce “Red Teaming”, a more rigorous, hands-on cyber security assessment that provides decision makers with a more realistic understanding of their vulnerabilities and weaknesses. Our physical testing and phishing exercises for client organizations tend to uncover risks and vulnerabilities that were either unknown or underestimated by the Board.
Security control attestation programs and frameworks will be part of the solution, but those that truly want to understand the risks they face in today’s business environment will need to take a more aggressive and hands-on approach to assessing their cyber risks.
Learn more about the issues in the article, and feel free to reach out to us for a quick discussion on how we can assist you in identifying and achieving your cyber-defensible position.
© 2018 KPMG LLP, a Canada limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.