2018 Innovation Awards: Cyber Risk Assessment ProgramReprints
CYBER RISK ASSESSMENT PROGRAM
FM Global’s Cyber Risk Assessment Program will not only help risk managers better assess their cyber risk, it will encourage cooperation with their information technology departments, said Jeffrey Tilley, vice president and manager of cyber hazards at FM Global.
Use of FM Global’s patented tool, which is a 2018 Business Insurance Innovation Awards winner and free to FM Global policyholders, involves answering 70 multiple-choice questions.
When the questionnaire — which is not used for underwriting purposes — has been completed, policyholders immediately receive an overall cyber risk score as well as scores for their governance, insider threat management, IT security and response and recovery.
This is followed by a more in-depth report. FM Global then reviews the policyholders’ results and develops recommendations and priorities that “align with their business priorities,” Mr. Tilley said.
“Over the years, cyber’s developed as a top-tier concern for business executives, and it’s been recognized that it has to be managed as an enterprise risk,” Mr. Tilley said.
“However, cyber security hasn’t historically been integrated into risk management,” he said, noting FM Global’s clients asked for this tool. “It aligns with how we support our clients.”
“One of the cornerstones is that the majority of all losses are preventable, and that applies to cyber, too — if you understand the risk — so we developed the cyber risk assessment … to do just that, help our clients understand and manage their cyber risks.”
Mr. Tilley said it is critical that cyber risk be managed as an enterprise risk, and the tool was built to encourage collaboration between the risk manager and IT department.
“The tool itself provides the ability to collaborate on the input to the assessment, which provides those qualitative cyber risk ratings, and that’s a good starting point for a foundation to begin talking internally about the cyber risk, and how to improve their cyber resilience,” he said.
Mr. Tilley said policyholders’ reaction to their reports has ranged from those “who are a little surprised” to “some that say, ‘That’s exactly what I expected, and now let’s get to work.’”
Mr. Tilley said he hopes the tool will be used across FM Global’s entire client base. “I think it’ll be a healthy percentage if the takeup rate thus far is an indication of the future,” he said.