Prepare now and talk to each other about what you're doing, IRM members told in Liverpool
Organisations need to work together and apply effective risk management principles to tackle the rising threat of cyber crime, delegates at the annual Professional Development Forum of the Institute of Risk Management (IRM) in Liverpool were told.
Paul Dwyer, cyber crime expert and Security GRC Principal at telecoms company Eircom, told the conference that cyber crime, including fraud, theft of data, extortion and intrusion, now cost the UK alone an estimated £27bn per year.
A virtual criminal economy is now in operation with its own recruitment, training, marketing, advertising and support services, he said.
Criminals who buy and sell data and services online can now even rate each other, eBay-style.
Dwyer argued that the cyber crime risks faced by organisations should be clearly owned by Chief Risk Officers, emphasising the speed at which an attack can happen and the need to be prepared in advance.
Organisations need to work out which threats are relevant to them and conduct a cyber risk assessment, following established risk management principles.
Generally, organisations are exposed to cyber crime risks not because of failures in technology but because of problems with people, processes and behaviour, added Dwyer.
Solutions therefore need to be at an enterprise risk level rather than delegated to the IT department.
Dwyer also urged organisations to talk to each other and openly share their experiences to keep ahead of current threats.