Getting familiar with information technology strengthens advisory role

Posted On: Apr. 1, 2019 12:00 AM CST

No one expects risk managers to become technology experts, but they should try to learn as much about it as they can, observers say.

“A good risk manager doesn’t necessarily have to know all the technology behind security,” said Gerry Kane, Schaumburg, Illinois-based head of cyber risk engineering for Zurich North America. But if they understand the five cybersecurity framework functions identified by the National Institute of Standards and Technology — identify, protect, detect, respond and recover — “they can bring the right resources to be there to provide risk management for their company.”

Leslie Lamb, director of global risk management for San Jose, California-based Cisco Systems Inc., said in a statement that the risk manager’s role is “to understand the risks, not necessarily to become an expert in IT and/or HR or other areas, of the business, but to become a business partner and adviser.”

Brett Anderson, Los Angeles-based breach response services manager with Beazley PLC’s Breach Response Services unit, said, “Risk managers sometimes don’t know enough about” information technology.

“They need to understand it, because they are essentially transferring part of this risk to a third party that is hopefully going to help them manage that risk better,” Mr. Anderson said. “They need to constantly train themselves on how to understand the cyber risk better.”