Cisco’s risk head: Why risk managers and IT need to join forces

Cyber risk is only getting “bigger and badder,” and, as a result, risk managers and IT teams need to improve their communication and start speaking the same language, according to tech giant Cisco’s risk head.

Threats like ransomware are growing, and fast. According to Cisco’s 2017 Annual Cyber Report (ACR), ransomware is growing at 350% a year. The global cost of ransomware attacks is thought to have exceeded $5 billion by the end of 2017, according to the Cybersecurity Ventures report.

“We are all struggling with cyber. It’s a very difficult risk to put your arms around, because it’s coming from so many different directions,” Leslie Lamb, director of risk and resilience at Cisco, told Corporate Risk and Insurance.

“Unless we start to talk together internally with our CISOs or IT experts, it becomes very difficult,” she went on to say.

At the moment, risk managers and their corresponding IT teams typically aren’t speaking the same language, according to Lamb. And while risk managers can’t be expected to become ‘IT people’, more work needs to be done on fostering collaboration between the two sides.

“I think we have to cross the aisle, and start to learn a little bit about each other’s expertise,” Lamb said. “I’m never going to be an IT expert, nor should I be. But I can start to speak a little bit of that language, start to look at how cyber impacts our company overall and our customers’ companies, and start to talk about how we might bridge some of those gaps.

“If we can get both sides talking and understanding the different perspectives, I think that helps,” she continued.

On top of internal silos, the security market itself is increasingly fragmented, making it more difficult for businesses to manage cyber risk. Almost two thirds of organizations currently use anywhere between six and 50 security products, according to Cisco’s ACR – increasing the potential for security effectiveness gaps.

“In many networks there are a multitude of vendors all being patchworked together, so they are not working cohesively – and I think that increases the potential for risk,” Lamb said.

Insurance is often underutilized too: “68% of US businesses have not purchased any form of cyber liability. Many of them are saying that they don’t feel that they have the risk, many of them are saying that they don’t feel cyber insurance will protect them,” Lamb said. “There are some real risks out there, and I think we need to start educating people.”

Earlier this year, Cisco, Aon, Allianz and Apple launched a new cyber risk management solution designed to help organizations better manage the cyber risk associated with ransomware and other malware-related threats. The offering comprises cyber resilience evaluation services from Aon, the most secure technologies from Cisco and Apple, and options for enhanced cyber insurance coverage from Allianz.

According to Lamb, it’s all part of a concerted push to encourage a more holistic approach to cyber.

“This whole space is so dynamic, it’s changing every single day, and we all have to keep pace with it and understand what’s coming at us,” she said. “It’s about working to see what we can do to identify those risks and quantify them to the best of our ability, and understanding the overall landscape.”