A New Framework in Risk Management

By Kevin Richards, Managing Director, Global Head, Marsh & McLennan Companies (NYSE: MMC)


What are the various challenges that the enterprise landscape faces today pertaining to data management?

The world today stands at the cusp of a massive digital explosion. From wearables and autonomous vehicles to smart grid and smart delivery energy systems, everything is becoming digital and changing the way customers and businesses interact. In the wake of these evolutions, companies are at a higher risk of exposure to cyber predators that are vying to breach into business infrastructures. At this juncture, a critical question arises: are organizations ready to handle such vast amounts of data and all the risks that come along with it?

The ever-growing trend of digitalization is giving rise to new capabilities and innovation in terms of skills, knowledge, and processes. With every human activity now digitally recorded, more data is being generated that didn’t even exist ten years ago. We are now seeing a myriad of different cloud services and new computing capabilities offered by cloud providers. But there exist certain areas where things could go wrong. The fact that innovation and the digital marketing mix are expanding faster than cybersecurity infrastructures makes organizations vulnerable to cyber threats. I think organizations are trying hard to stay in line with these evolving times, and thus, they have multiple incident response programs that are tested regularly.

Today, if you ask any chief information security officer about their favorite malware or ransomware software, they will go on to explain the technical nuances of how that software works. Therefore, it’s not a technological issue; rather, it’s about staying up with all the changes happening in the business at a certain point of time. Also, a degree of asymmetry is played out whenever something new (a cyber incident) is put into a business environment when the attacker happens to be in the right place at the right time. In such scenarios, the security defenses frequently fail in quickly reacting to the threat, and this, according to me, is the biggest challenge that our technology teams are up against.

Can you please elaborate on any significant projects that you are currently working on at Marsh and how you are helping your clients become more cyber resilient?

We comprehend the cyber risk landscape in several different ways. While working with a wide array of clients over the years, we have realized that cybersecurity teams are fundamentally focusing on the technological capabilities of their program. These capabilities include the kind of firewalls or encryption being used or the type of data loss prevention or identity management program that is implemented to protect the business. We are also recognizing the ways of making these real for the industry by creating the maximum impact of investment and reducing the risk.

Even though organizations look at various audit reports and technological readiness reports, they fail to articulate the cyber exposure in terms of dollars from an enterprise risk perspective. So, we at Marsh are trying to bridge the gap between the technological understanding and business impact as a result of those moves. We are also helping companies engage in conversations around the strategies they can formulate in investing their dollars intelligently to create strong cyber resilience. At the end of the day, our purpose is not to protect servers but shield businesses and safeguard their customers’ critical data and reputation. Thus, we are trying to build a bridge between technology and business speed by looking at such conversations in objective terms.


With all these digital transformations happening, how do you envision the future in this landscape?

Organizations think that we are at the end of the digital journey, but I truly believe this to be the beginning. In the next 20 years, not only will the digitization of business processes continue to accelerate, but the way B2C interactions take place will also change. And the cyber exposure will be the lion’s share of the exposure, be it in the transportation, logistics, manufacturing, or retail industry. These sectors have impacted business investments in the scale of hundreds of billions of dollars, not because of damage to a product but due to the fact that they couldn’t ship it or accept the order. I think this is going to be the new domain of exposure and we have only scratched the surface of the potential business interruption caused due to cyber malware.

What would be your single piece of advice to colleagues or aspiring professionals in the field who are looking forward to embarking on a similar venture?

My one piece of advice to all of them is that you need to break down all business problems in terms of financial exposure into manageable chunks. By doing this, you can do the math to come up with some objective numbers and identify what we are up against. Further, you can develop a technology program or formulate a practical roadmap to successfully change the future of your cyber risk journey in a much more objective and quantified way.
