Achieve Positive Employee Engagement When Integrating Cybersecurity and ERM – 2021

View Session Recording

Speakers: Vladimir Antikarov, Risk Managers International
Courtenay Brammar, Cyber Security Case Studies
Moderator: Kevin Stine, NIST

As with other enterprise risks, effective cybersecurity risk management embeds when: senior management has well understood and prioritized the key cybersecurity risks for the organization, the cybersecurity team is focused on prevention and mitigation of these risks and employees are well informed and incentivized to sustain cybersecurity awareness. Unfortunately, the complexity and highly technical nature of cybersecurity has frequently resulted in its implementation being the exclusive domain of specialized professionals. Insufficient engagement of senior management and regular employees exacerbates practically all cybersecurity risks, increasing their likelihood and potential severity. Consequently, finding and deploying ways to positively engage them represents an important effort in managing cyber risk. Our session empowers risk managers who are not IT experts to get actively involved in cybersecurity and facilitate engagement of both their organization’s senior management and other non-technical employees. We will present an intuitive cybersecurity risk categorization, which represents an easy-access way to introduce key types of cybersecurity risk to all non-expert employees. For each cybersecurity risk category, we provide a real-life example of where the risk occurred, including how the organization in question dealt with it and the consequences.