Get to grips with cyber risks for risk managers; Dealing with dynamics and interconnectedness
We live in an advanced, hectic, digital society in which technological developments are permanently evolving. Powerful, fast networks and new, highly automated concepts like e-health, smart cities and industry 4.0 are in full development. These developments make cyber security an increasingly more vital condition for a well functioning society. Good cyber risk management is therefore essential.
At the moment, the market for cyber security technology and services is growing steadily and is valued at over $ 150 billion in 2021. Increasing ransom ware attacks prove that society is still vulnerable. CEOs, politicians, risk managers, and other policy makers are constantly struggling making effective policy decisions in this complex field.
This is especially confirmed by research by the Cyber Security Council, NCTV (The National Coordinator for Counterterrorism and Security, in the Netherlands) and renowned market parties. Cyber criminals imagine themselves untouchable in their universe of digital attacks and infections. The identified problems are worrisome and broad: a lack of (managerial) knowledge and coordination, and the absence of adequate measures. The Cyber Security Council even draws the following conclusion: ‘There’s a lot of low- hanging fruit’. A cynical observation for those who fail to take adequate measures against hacking. Insufficient security leads to far-reaching consequences.
Effective cyber risk management requires timely intervention by managers in terms of prioritizing organisational efforts and allocation of resources. Traditional approaches to this are based on compliance with best practices, standards and frameworks (such as NIST, ISO27000 and CIS), positioning in comparable benchmarks, compliance with legislation, and reacting reactively after identified data leaks. These approaches do not take into account the dynamic and interconnected nature of cyber risks. It is precisely this complex nature of cyber risks that is decisive for the success of the cyber security strategy and programme.
The dynamic nature of cyber risks is especially and specifically reflected in the evolving tactics of the digital attacker, changing techniques and procedures, changing organisations, limitations in the available means and training, the impact of incident response, and evolving technology adoption. The interconnected nature of cyber risks is caused by the present complex dynamic relation between the behaviour of the attacker and the defence of the organisation, its business operations in IT and chain suppliers, finances and risk management. The complex dynamics in this ecosystem make it extremely difficult for risk managers to provide adequate cyber risk management. Well-known and common principles of probability and impact often appear to be counterintuitive for the very necessarily required cyber security.
This classroom course, which is divided into four parts, has the following objectives:
1. To develop the skill of thinking systemically and dynamically.
2. To discover the deep and dynamic relation between the attacker and the defence of the organisation, its business operations, IT, finances and risk management.
3. To understand that improvements in one area can lead to problems in another.
4. To learn, using the existing structures within the ecosystem, to:
a. Apply risk estimations more adequately.
b. To evaluate more efficiently the sustainability of measures.
5. To recognize early the build-up of exceptional situations (outliers and game changers) to be able to anticipate in time.
This course emphasizes that (the costs of) cyber security (are) is a joint responsibility and argues that cyber security should be considered a regular business administration and financial focus area.
This 2-day course is divided into four parts and structured as follows:
• Part 1: Unravelling the dynamic nature of probability and impact.
• Part 2: The limited sustainability of cyber security measures.
• Part 3: Dynamic aspects of logistic chains.
• Part 4: Changeability of risk profiles due to outliers and game changers.
The risk management professional, either working in business or in the public sector, who wants to make an important contribution to a solid and sustainable cyber security. Basic knowledge of cyber security is required.
This course (in Dutch) is regularly available as a webinar or in class-session in the Dutch Market through open enrollment by "NBA opleidingen". For more information on this Dutch course go to their website and search for "dynamiek in cyberveiligheid".
For training in English, other formats or international offerings, please contact us.