ccro
ADVANCING PRACTICES FOR RISK PROFESSIONALS IN THE ENERGY INDUSTRY

Cyber Risk and the CRO

Cyber Risk Management Practices


Overview

In the 20 years of CCRO member initiatives, the topic of cybersecurity risk has steadily evolved from a non-issue into a key risk consideration. The SEC recently noted that cybersecurity risks have increased alongside the digitalization of operations, the growth of remote work, the ability of criminals to monetize cybersecurity incidents, the use of digital payments, and the use of third-party cloud computing technology.

Today’s CCRO risk professionals want to better understand their company’s cyber risk profile and uncover the best practices available to measure and mitigate the threats identified. It is not yet clear what the best practice roles for the risk function might be in managing cyber risks. Our members currently report a wide diversity in internal policies. Yet we see there could be many parallels between best practices for effective interaction between the risk function and the front office and best practices for interaction between the risk function and the IT security function. Bringing best practices to the forefront is what CCRO initiatives are all about.

Current Objectives

This initiative has come together after several CCRO member discussions and presentations by topic experts at our meetings. Members want to leverage the CCRO platform to develop a resource for cybersecurity risk management best practices. At this early stage, the group has identified these areas to address:

  1. Understand implications of new SEC disclosure rules (S-K Item 106)

    • Must disclose processes for assessing, identifying, and managing material risks from cybersecurity threats

  2. Clarify the best practice role for the risk function in managing cybersecurity risk

    • What are the duties of the CRO versus the CIO? Should cyber risk management practices be part of an effective risk policy? etc.

  3. Identify an effective framework for establishing an effective cybersecurity process

    • Understand your organization’s cyber risks; Implement appropriate mitigations; Prepare for cyber incidents…details regarding all?

  4. Develop a series of webinars providing insights into best practices

    • CCRO hosts experts and solution providers to provide actionable guidelines for CROs


Interested in Joining Our Discussions? Let Us Know!

If you’re interested in being part of our ongoing discussions and development of CCRO materials for scenario planning, let us know!

Recent Progress

Our Advocate member ITEGRITI is in the business of cyber security and provides us with a rich source of contacts, industry awareness, and new materials to contribute to our upcoming discussions:

Recent Materials for Context

The following related materials help provide some context.

Excerpt from Integrated Risk Management Presentation,
Mike Prokop, Alliance Risk

Excerpts from ESG Meeting Transcript

Comments made about Cyber Governance in the context of an ESG discussion…