
Understanding and mitigating cyber risk: Where do risk managers start?

If you attended or read reports from the RIMS annual conference in Denver in April or the AIRMIC conference in Birmingham, England, a few weeks ago, it won’t come as news to you that risk managers are being exhorted to take greater ownership of cyber risk. I seem to be seeing more and more articles with headlines like “Risk managers urged to play greater role in cyber risk management.”

There seems to be a consensus building that managing cyber risk should no longer be the responsibility solely of information security and information technology teams. The cover story in Risk & Insurance’s April issue, “Cyber: The New CAT,” put this new reality bluntly and prominently, right below the headline: “In every industry and at every company size, cyber risk is a foundation-level exposure that every business must confront—one that must be viewed with the same gravity as a company’s property, liability or workers’ comp risks [emphasis added].”

Topics: cloud computing enterprise risk management exposure management

ISO 27001:2005 certification: Why should risk and insurance managers care that their providers achieve it?

Just today, we announced external certification of ISO 27001:2005 compliance. This certification is the latest in a decade-long series of third-party, audit-based accreditations we have sought and attained at Aon eSolutions. I encourage you to read our press release for more information.

I wanted to leverage the Aon eSolutions blog to further discuss a point we make in the press release: With independent certification, our clients are now assured that “ISO information security standards are an integrated component of all [Aon eSolutions’] business processes and technology systems.” 

Why is this an important point for risk and insurance managers and the information technology, audit, compliance and security teams they work with? The short answer, which I’ll develop more fully in this post, is that many of the high-profile data breaches you read about in the news are caused not by external hackers, but rather by broken business processes and lack of policies and procedures. Certification of ISO 27001:2005 assures Aon eSolutions customers that our business processes and policies include the components of this strong and robust standard.

Topics: cloud computing

4 things I learned about risk data & the cloud at Broward Co. RIMS

My colleague David Bannister and I recently had the pleasure of addressing the May monthly meeting of the RIMS Broward County (Florida) chapter in Ft. Lauderdale. The topic of our discussion, Successful Cloud Implementations in Regulated Risk and Insurance Environments, prompted a lot of questions and discussions from the 35 or so risk managers in attendance.

Topics: risk management risk management software cloud computing

Risk managers getting savvy about cloud computing, cyber risk and security

At the REBEX 2012 Regional Risk Management Conference and Exhibition in September, I had the pleasure of leading a session called “Successful Cloud Implementations in Regulated Risk and Insurance Environments.” Organized by the Chicago chapter and the Wisconsin chapter of the Risk & Insurance Management Society, REBEX 2012 drew about 300 attendees.

Topics: risk management cloud computing

Join me Nov. 15 for a risk & insurance webinar on cloud computing

Risk and insurance managers are invited to join a Risk & Insurance webinar featuring me and Emily Cummins, director of Tax and Risk Management, National Rifle Association. Along with Risk & Insurance managing editor Cyril Tuohy, Ms. Cummins and I will explore the opportunities and exposures in cloud computing—with a special focus on what risk and insurance managers need to know.

Topics: cloud computing