Total dollar loss from all referred cases was $559.7 million, **up over 110%** from 2008.
Of the top five categories of offenses, identity theft ranked second, at 14.1% of complaints; computer fraud (destruction/damage/vandalism of property) ranked fifth, at 7.9% of complaints.
The security industry readily admits that cyber-criminals are evolving their attack tactics faster than we’re evolving our defenses. How long can we continue to fall behind before we should start saying that we’re losing?
As I close out my client inquiry records for the quarter, it’s interesting to review some of the common challenges risk management professionals are currently facing. I was impressed to see how closely the issues I deal with were covered in the month’s edition of Risk Management Magazine. In an article entitled, “10 Common ERM Challenges,” KPMG’s Jim Negus called out the following issues:
Assessing ERM’s value
Privilege (of access to risk information)
(Selecting a) risk assessment method
Qualitative versus quantitative (assessment metrics)
Time horizon (for risk assessments)
Multiple possible scenarios
Simulations and stress tests
Negus provides good perspective on these challenges as well as some ideas for solutions. The list is fairly comprehensive, but there are several other challenges that I would have included based on the inquiries I get. First and foremost, the role of technology in risk management – whether for assessments, aggregation, or analytics – comes up very frequently, and vendor selection initiatives have been plentiful since mid-Q4 of last year.
Defining risk management’s role within the business (and vice versa) is also an extremely common topic of conversation. As rules and standards keep changing, this will remain a top challenge. Other frequent issues include event/loss management, building a risk taxonomy, and evaluating vendor/partner risk.