With the increase in cybercrime over the past two years, risk managers should work with leaders throughout their organizations to develop breach response plans and train all employees, a risk manager said.
“As a risk manager, you have to partner with the right people in your organization,” said Jenny Novoa, senior director of risk management and safety at Gap Inc. in San Francisco.
She was speaking Monday during a session of Riskworld, the Risk & Insurance Management Society Inc.’s annual conference in San Francisco.
Ms. Novoa said she works closely on cyber risk with Gap’s chief information security officer and chief privacy officer, who do regular audits of the company’s vendors, including cloud data storage vendors, from a cybersecurity perspective.
Internal access to data also needs to be carefully vetted, with restrictions imposed at an individual level. For example, Ms. Novoa has claims reporting staff who need access to the company’s HR systems, but she does not need access to the system, she said.
“My team has to have specialized training every year because they have access to the HR database. You have to have that process in…
