New offering helps FM Global clients measure their overall cyber security resilience, taking into account inherent cyber risk, mitigating security controls and ability to respond to and recover from a cyber incident.
Understanding an organisation’s enterprise-wide cyber risk and providing a research-and science-based way to mitigate that risk is the impetus behind the FM Global Cyber Risk Assessment, the insurance industry’s first comprehensive cyber readiness assessment.
The new offering helps FM Global clients measure their overall cyber security resilience, taking into account inherent cyber risk, mitigating security controls and ability to respond to and recover from a cyber incident.
“Many people think of cyber risk solely as theft of information, but there is a very real physical property component that businesses need to consider,” said Jeff Tilley, FM Global vice president and manager of cyber hazards.
“This comprehensive tool assesses the potential impact of cyber risk beyond an IT perspective and provides recommendations to mitigate against that cyber threat with an overall outcome of improved resilience to protect business revenue, reputation, market share and ultimate viability.”
The FM Global Cyber Risk Assessment is a comprehensive review of a client’s cyber exposures, at both the location and enterprise levels, done by assessing a client’s ability to prevent unauthorized physical access to its facilities and information technology networks as well as its preparedness, response capability and resilience in the event of a cyber attack.
Beginning in 2019, it will also assess industrial control systems and the client’s ability to defend against malicious attacks on building systems, process control and equipment due to their increased network connectivity.
“This assessment can identify areas of cyber risk that the policyholder is not currently aware of and validate areas they’ve already identified as gaps,” said Tilley. “Risk managers can use the result to support the business case for additional security investments and to help improve relationships between information security and other areas in their organization.”