Imagine you're the CFO at a firm involved in sensitive merger or acquisition discussions with your bankers and you receive an email asking for a small bit of nonpublic information on your company, the kind you've passed on before. You send the information—and later find you were the victim of a sophisticated cyber-attack.

Now imagine you're in charge of operations at a manufacturing facility. Out of the blue, your employees report that they have lost control of key systems. It's impossible to shut down a blast furnace correctly, endangering the safety of employees and others and threatening massive damage. You, too, have been the subject of a cyber attack.

These events underscore the new reality in cyber risk management: It's no longer just an IT issue. Everyone—from individual employees to risk managers to your board of directors—now has a stake in managing cyber risk comprehensively, across the enterprise.

Read on to learn about the seven key stakeholders other than the IT professionals to consider as you look at your cyber risk management strategy.

1. Risk manager: Risk managers can ensure various stakeholders are connected in terms of assessing, managing, and responding to cyber threats. They also have the best understanding of the evolving cyber insurance market and overall risk finance options, which is also important. Even if they're not technology experts, they understand risk, so they're usually the best positioned to coordinate cyber risk management across the company.

2. CEO/Board of Directors: The CEO and the company's board of directors may have a fiduciary duty to assess and manage cyber risk. Increasingly, regulators, including both the Securities and Exchange Commission and the Federal Trade Commission, have made clear their expectation that top leadership be engaged on the issue. And shareholders may be starting to demonstrate similar expectations.

3. CFO: From a financial perspective, concerns may range from the potential costs of a cyber event to what the impact could be on the bottom line to the security of the company's sensitive financial information.

CFOs should also critically evaluate the cost/benefits of growing investment in cyber security to drive the most efficient improvements to overall cyber risk profile.

4. Legal/Compliance: As regulations around cyber develop, legal and compliance roles become increasingly important to evaluate regulations and inform corporate policy.

If a cyber incident occurs, lawsuits often follow within hours. Legal and compliance teams may help drive the appropriate breach response.

5. Operations: Key managers often are a first line of defense against cyber events. Should an event occur, they are critical to supporting the response and helping maintain daily operations, business processes, and workplace stability.

6. Human Resources/Employees: The human element of cyber risk cannot be overlooked. Simple errors—or deliberate actions—by employees can lead to costly cyber incidents. Training on best practices is critical, especially with the rise in sophisticated "spear phishing" attacks targeting specific employees.

And in an era of Bring-Your-Own-Device, employers should have a plan for dealing with personal devices used by employees who leave the company.

7. Customers/Suppliers: Interactions with customers and vendors can open you up to an attack. You need to understand the protections they have in place so they don't become the weak point in your cyber defenses.

You should clarify in your contracts how to collectively respond to cyber events, as cyber risk can develop anywhere along the supply chain.

Protecting your organization's data and individuals' privacy is becoming more difficult by the day. Successful cyber defense strategies are comprehensive and multi-pronged. A critical component requires understanding and defining the roles and responsibilities of all key stakeholders.

Tom Reagan is the Cyber Practice leader within Marsh's Financial and Professional Products (FINPRO) Specialty Practice. Located in Marsh's New York office, Tom oversees client advisory and placement services for cyber risk throughout the country. In addition to his management responsibilities, Tom also serves as the senior cyber advisor for some of Marsh's largest clients. This article was first published on Marsh's website.
