One important finding of the Airmic publication Roads to Revolution was the need to improve and adapt governance to consider changing business and risk models. Airmic recently brought together more than twenty experts to discuss this topic at a round table breakfast hosted by Paragon and chaired by Seamus Gillen. The team came from the worlds of risk management, digital risk, information and security, governance, business, insurance, law and HR.
The lack of a common language was the most frequently mentioned single issue standing in the way of good cyber-risk governance. It holds the board back in building knowledge and oversight of the risks and opportunities of the digital world, and in sharing its strategic vision and risk appetite.
Airmic technical director and deputy CEO Julia Graham, who organised the event, commented: "Cyber-governance belongs within an enterprise risk management framework, with a line of communication to the board, probably through a risk committee or audit committee. Although technology information and security expertise are an essential part of the mix, cyber-governance goes well beyond the IT department."
A strong message to come from the round table was that there is a critical role for the risk manager in developing a common language for cyber-risks and cyber-risk insurance, facilitating communication and increasing awareness and knowledge. Risk professionals will maximise their chances of getting their message across by placing the discussion in a business model and value-creation context.