Experts Warn Businesses of Financial Impact of Cyber Risk

October 24, 2008

Experts in cyber risk, citing financial mismanagement behind the current economic crisis, are warning business executives they need to better understand how to manage their own cyber systems to avoid another crisis.

The American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) released a new guide to assist business executives in the analysis, management and transfer of financial risk related to a cyber attack.

In 2004, the Congressional Research Service estimated the annual economic impact of cyber attacks on businesses – which can come from internal networks, the Internet or other private or public systems – to be more than $226 billion. In 2008, U.S. Department of Homeland Security Secretary Michael Chertoff named cyber risks one of the nation’s top four priority security issues.

“We are experiencing a financial meltdown due to a fundamental misunderstanding and mismanagement of modern financial systems, which is generating a crisis of confidence in our core institutions. Today, all our critical infrastructures are reliant on cyber systems that are also misunderstood and mismanaged. These vulnerabilities place both our financial and physical security in jeopardy unless we update the method we use to control our cyber systems,” said Larry Clinton, president of the ISA.

He said the new guide is “extremely practical” and will assist organizations in managing their cyber infrastructure by shifting the locus of control to the chief financial officer.

Developed by a cross-sector task force representing more than 30 private and public sector organizations, The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask approaches the financial impact of cyber risks from the perspective of core business functions.

The document provides guidance to CFOs and their colleagues responsible for legal issues, business operations and technology, privacy and compliance, risk assessment and insurance, and corporate communications. It is organized in a question-based format, which makes it applicable to virtually any industry and any set of business circumstances.

“We urge all the owners and operators of our nation’s cyber systems to join with us in our joint effort to upgrade our nation’s security,” Clinton said.

Electronic copies are available for free download at