During the first week of October, three Risk Management and Insurance students attended the RIMS Cyber Risk Forum in Seattle. This two-day event was a valuable opportunity to hear from a broad range of speakers. It was also a great time to network with cyber risk professionals and peers from other universities.
The distinguished speakers and participants had extraordinarily diverse backgrounds and experience in dealing with cyber risk. The presentations and discussions at this event:
- led us to a better understanding of quantifying cyber risk,
- demonstrated strategies that strengthen resiliency to cyber breaches and the prevalence of insider threat, and
- made us aware of the formulation of new approaches to cyber breach solutions.
A popular session was A Holistic Approach to Quantifying a Firm’s Cyber Risk for Actionable Benefits. Dr. Shaun Wang and Ms. Julie Cain identified challenges in quantifying cyber risk, which included failure to consider knowledge and behavior of humans in key roles; hazard rate over time; and threats, vulnerabilities and controls across entire ecosystems.
Wang and Cain introduced the Cyber Risk Management (CyRim) project, which analyzes economic loss as a consequence of cyber breach. This project applied two key concepts: hazard rate, which is the instantaneous rate of cyber breach during a given time-to-real-life event; and knowledge set, which is used to form a risk management framework. They used two recent cases, Coin Check and Equifax, to test this approach. This session helped us form a framework to quantify and then reduce risk—including risks from third-party vendors.
Thank you to national RIMS for sponsoring our visit. Additionally, thank you to the UW Risk and Insurance program for making a nomination for us, and for making the event possible.