KPMG partner, security services, Gordon Archibald tells StrategicRISK why cybersecurity is less about risk elimination and more about achieving the right balance of security and innovation

Risk managers need to help their businesses balance the effects of new privacy and data legislation coming into force across the globe, KPMG partner, security services, Gordon Archibald told StrategicRISK.

In 2017, one in two businesses was threatened by a ransomware attack, one of the fastest growing types of cyber-crime. Attacks are getting larger, more sophisticated and more expensive, according to a new blog from KPMG.

Major global brands such as Uber, Equifax and Yahoo have seen millions of user accounts compromised: 3 billion in the case of Yahoo. Cyber-crime is expected to cost more than $6 trillion globally by 2021, up from $3 trillion in 2015.

Speaking off the back of the blog, Archibald told StrategicRISK: “In this new digital world, the role and skill set of the risk manager needs to evolve to include managing cyber as a key risk to the business. Cybersecurity is about risk management, not risk elimination. The risk manager needs to understand which risks they can accept and which can be managed, which will be achieved through working closely with the business in defining the Cyber Risk Appetite.

“In doing so they will need to better understand the complexities of operating in a digital world and the cyber threats that could cause the greatest harm to the business today and what could cause harm tomorrow. They will need to clearly understand crucial data the business relies on for mission-critical processes.

“Risk managers will now need to bring a business lens to cybersecurity, helping the business balance the business drivers, privacy, data access and data protection and ultimately moving cyber to be a business enabler.”