Ignorance Not Bliss: Cyber Risk Management Found Lacking


Despite increasing cyber attacks, significant losses from operational downtime, and further governmental regulation, companies are still not taking measures for basic responsibilities for cyber governance, or even securing available insurance. A recent Carnegie Mellon CyLab 2012 Report provides the following recommendations:

Businesses should: 1) Establish policies to protect from attack, data breach, and data misuse, 2) Identify responsibilities and assign roles to management, 3) Verify qualified persons are retained to monitor privacy and security, 4) Establish periodic reviews of internal and external risks, and regulatory compliance, 5) Establish policies to respond to an attack or breach, 6) Provide adequate budgeting to allow sufficient response to risks, 7) Conduct annual audits of to determine the effectiveness of controls, and 8) Evaluate the adequacy of insurance coverage.

LOADING PDF: If there are any problems, click here to download the file.