What the SEC and Other Regulators Are Saying About Where to Start Your CRQ Journey
There have been quite a few regulatory developments recently surrounding cybersecurity and its bedfellow, tech, or IT/ICT (Information and Communications Technology) risk. So, I thought I’d take a few lines to explore some of the salient points and what they might mean for cyber risk professionals in the coming weeks ...
Can cyber risk quantification help with data privacy?
As we go through data privacy week I can’t help but think about how cyber risk quantification could help with data privacy. Naturally, my first thought was I’m not sure there is a connection. Clearly, your susceptibility to a data breach has to affect your data privacy, but does it ...
Is it time to rethink traditional approaches to managing non-financial risks?
Do we need to rethink our approach to what the financial services sector calls operational risk or non-financial risk? Operational risk can be defined as “the risk that a firm’s internal practices, policies and systems are not adequate to prevent a loss being incurred, either because of market conditions or ...
Communicating Cyber Risk to Investors: A Draft Form 10K Submission In line with the Proposed SEC Rules
Recent cyber attacks have resulted in serious impact to the profitability, reputation, and stock prices of companies. There is a heightened spotlight on decisions and actions of senior corporate leaders as it pertains to cyber risk management. In response, the United States Security Exchange Commission (SEC) has proposed ways to ...
Reflections on Swiss Cyber Institute’s Global Cyber Conference by Paul Kelly
I recently had the honour and privilege to share a stage and panel discussion with Gaurav Banga (CEO Balbix) and Daniel Gisler (CISO Oerlikon Group) at the Swiss Cyber Institute’s Global Cyber Conference. A fantastic event held in an auspicious location with a commanding view over Zurich. The panel discussion ...
Operational Resilience Regulations for Financial Services – The Role of CRQ
The Australian Prudential Regulatory Authority (APRA) is the latest financial regulator to release proposed regulations regarding operational resilience, prompting me to collect my thoughts on how a Balbix-style cyber risk quantification (CRQ) solution could help meet these regulatory obligations. A brief history: For those of you not familiar with financial ...
Why I’m Excited to be Helping Balbix
Cybersecurity risk is dynamic. A company’s exposure to it changes week by week, hour by hour. The bad guys are out there trying to find new and innovative ways to gain access to systems, either to steal money or secrets, or just simply to make mischief. The position is ...

