How to build a best-in-class cyber risk plan

Your commercial client is looking to put together a best-in-class risk management plan for dealing with a cyber event. What’s the first thing they need to do?

“An ideal plan starts with developing a team,” says Ruby Rai, manager of cyber and professional liability financial lines at AIG in Canada. “Not including all key stakeholders in planning stages is often overlooked. A robust cross-sectional team includes participants from risk management, HR, legal, marketing, operations and IT. External partners such as key vendors should also be included as they can be crucial to operational resiliency.”

In the best laid plans, all stakeholders understand the organization’s cyber risk, potential threats and strategy in the event of an attack or a breach, she said.

Rai is speaking about cyber insurance and resilience as a panelist at the 4^th annual International Cyber Risk Management Conference (ICRMC). Sponsored by MSA Research, the ICRMC takes place at the Metro Toronto Convention Centre on Apr. 11-12, 2018.

In an emailed response to questions from Canadian Underwriter, Rai said certain risk mitigation strategies separate prepared organizations from…