This document is confidential and unless otherwise stated, all copyright belongs to Friday Concepts International. Reproduction in whole or in part and/or distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited.

CYBER RISK

Ramesh Pillai
Group MD, Friday Concepts (International)
London Singapore Malaysia Indonesia United States Shanghai Oman

International Secretariat:
Institute of Enterprise Risk Practitioners
Menara Mitraland, D-19-07, No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810 Petaling Jaya, Selangor D.E., Malaysia
Tel: +603 2381 1900
Fax: +603 7611 0707
Email: enquiry@insterp.com
www.insterp.com

Global Head Office:
Institute of Enterprise Risk Practitioners
49 Greek Street, London W1D 4EG, United Kingdom

CYBERSECURITY INTRO

Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810


Ramesh Pillai – Chairman, Board of Governors, Institute of Enterprise Risk Practitioners

Ramesh Pillai is the Chairman of the Board of Governors of the International Institute of Enterprise Risk Practitioners (IERP), as well as being the Group Managing Director of Friday Concepts, an International ERM (Conventional and Islamic), BCM, Governance, Risk Management and Compliance boutique consultancy. He is currently a Director of three leading Financial Institutions and a former Director of one Developmental Financial Institution. His Board experience encompasses chairing the Board Risk Management Committee and Board Audit Committee, and being a member of the Board Collaboration Committee, Investment Committee and Remuneration Committee. He is also a nominee Director for a Regional Central Bank. Additionally, Ramesh is the former Risk Management Adviser to the Public Trustee and one of the largest fund managers in the Region, as well as to one of the largest Islamic fund managers in the Region. Ramesh holds a Bachelor of Economics with Accountancy (Honours) degree from Loughborough University in the UK. As part of his degree course, Ramesh specialised in Economics and Banking in general and Islamic Banking in particular.

A Fellow of the Institute of Chartered Accountants in England and Wales (ICAEW) as well as the Malaysian Institute of Accountants (MIA), a Certified Risk Professional (CRP), a certified Enterprise Risk Manager (ERM), a certified Islamic Enterprise Risk Manager (ERMi), a Qualified Risk Director (QRD) and a Qualified Risk Auditor (QRA), Ramesh was also a Regional Director for the Global Association of Risk Professionals (GARP) and was instrumental in the creation of the Malaysian chapter of the Professional Risk Managers International Association (PRMIA). He is an Islamic and Conventional Risk Management resource for the Qatar Investment Authority and is listed in their Q-Finance Directory. Ramesh was a former Risk Management mentor on the ICAEW's Regional F-TEN program and is a member of the Advisory Board and also on the Panel of Experts of the GlobalRisk Community. Ramesh has also been named a Paul Harris Fellow of the Rotary Foundation of Rotary International in appreciation of tangible and significant assistance given for the furtherance of better understanding and friendly relations among peoples of the world.

With over 30 years of Risk Management experience, he is also a recognised Global pioneer in Enterprise Risk Management and in the implementation of ISO 31000, ISO 31004 and 31010 practices. Ramesh started his career with Price Waterhouse's Financial Institutions specialism in London, gaining experience in Audit, Consultancy and Corporate Finance assignments. Succeeding the seven years there, he went on to become the Director of Finance and Administration at Picker International Ltd in London. In 1994 he spent a year as the Chief Financial Officer of Rank Video Services (Europe) Limited before accepting a more challenging job experience through an international assignment. Ramesh was handling the responsibilities of a few roles and travelling between Singapore, Malaysia and Indonesia as the Acting Regional Financial Controller cum Senior Regional Financial Analyst, as well as the Indonesian Financial Controller, as well as Deputy Country Head for PowerGen International, a FTSE 100 (London) listed company in the power and energy industry.

Upon leaving PowerGen, he headed the Portfolio Management and Credit Administration functions in Citibank before accepting a position in a National Asset Management Company as the General Manager of the Risk Management Division. There, Ramesh was responsible for establishing the Enterprise Risk Management function and Risk Management Policy, as well as formulating and documenting the various procedures and policies relating to the Operations of the National Asset Management Company. During his tenure there, Ramesh spent a year on secondment to the Central Bank, where he was involved in heading a national interest project, working closely with the Central Bank's staff in general and the Bank Regulations, Bank Supervision and Islamic Banking teams in particular. He was also involved in presentations to the National Syariah Advisory Council in an advisory capacity.

Following his assignment at the Central Bank, Ramesh moved back into the Banking sector, where he was the Chief Risk Officer for regional Conventional and International Islamic Banks. His responsibilities included guiding and coordinating the group's Operational and Enterprise Risk Management initiatives.

Ramesh is also a member of the MBA (Enterprise Risk Management) Studies Committee in a leading Private University. He has published articles in international publications, presented various papers on Risk Management in general and Enterprise Risk Management in particular, Corporate Governance and Bank restructuring issues at National, Regional and International forums, and is currently writing a book on Enterprise Risk Management.

About the Institute of Enterprise Risk Practitioners (IERP®)

In today's increasingly digitalised and highly inter-connected and competitive business world, disruption and turmoil has become the new norm. Boards and business professionals are constantly looking out for that extra edge to provide and ensure organisational sustainability, resilience and agility – the cornerstone and end-game of Enterprise Risk Management (ERM).

Recognising this critical need for sound ERM knowledge and good ERM practices across all organisational layers and business sectors, THE INSTITUTE OF ENTERPRISE RISK PRACTITIONERS (IERP®) was established by dedicated and highly experienced Board Directors and industry practitioners to holistically address these shortfalls and to make these skills accessible globally.

The IERP®'s pioneering, innovative and global industry-leading training and certification programs are designed for all levels of stakeholders in any organisation who in one way or other deal or struggle with Governance, Risk and Compliance (GRC) issues in their daily operations and/or decision-making. All of the IERP®'s programs incorporate practical learning methodologies and promote international ERM standards and practices in a practical and commercial context, as well as to highlight ERM's linkage to strategy, performance, ethics, Business Continuity and good corporate governance.

Membership of the IERP® and participation on the IERP®'s programs is critical for Visionary Boards, business leaders and business professionals who are looking for something that will set them apart from the crowd and launch them on a trajectory to strategic excellence.

The IERP®'s Certification Framework

[Figure: certification framework diagram. Labels: Risk Assurance; Risk Oversight; Risk Drivers; Risk Champions; Risk Leaders; BCM (Business Continuity Management)]

Selection of the Participants of the IERP® Program

Corporate Profile of Friday Concepts

Friday Concepts, the consulting arm of the IERP®, specialises in ERM, Governance, BCM and Islamic ERM.

Sample of services provided:

• Enterprise Risk Management
• Enterprise Governance
• Business Continuity Management
• Investment Risk Management
• Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of Islamic Banks and Takaful Companies)
• Financial Risk Management (including Credit, Operational and Market Risk)
• ERM and Strategy support to Boards and Senior Management teams
• Strategy Consulting
• Training

Offices in Kuala Lumpur, Singapore and Jakarta, United States and Oman.

Experienced in Public and Private sector organisations.

Consultants are Risk Management practitioners with International experience across a wide range of industries, including:

• State and other Development Agencies
• Manufacturing
• Financial Services
• Property Development Management
• Healthcare Services
• Shipping
• Entertainment
• Oil & Gas
• Government/Regulators
• Plantations

Practical approach to assignments and problem solving.

Selection of clients our Consultants have been associated with

FRIDAY's Interpretation of Sustainability

Think broadly about Value

A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability.

• Think broadly about issues and impacts
• Engage and partner with stakeholders
• Make connections & integrate sustainability within and across our business

Business and Sustainability

[Figure: diagram. Labels: Human Resources; VBM EHS FIRST Finance Operations; Continuous Improvement; Government Relations; Marketing; Procurement; R&D; … Climate Change; Human Rights; Economic Diversification; Water; Corruption; Governance; Biodiversity; Outsourcing; Low Cost Country Supply; …]

Evolution from good to best practice …

Necessary for Commercial Resilience …

Requirements for embedding sustainability …

Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation

Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions

Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices

"… it's not about managing issues. Rather it's about being equipped to succeed in a more complex setting …"

Value Preservation to Value Creation

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.

[Figure: Risk Management diagram. Labels: Operating Risk; Credit Risk; Model Risk; Entrepreneurial Risk; Regulatory Compliance Risk; Future White Space]

• Target Models, Lifetime Value Models
• Churn Models, Discount Engine Models
• Upsell Models, Sales Territory Models

• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars

• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee

• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships

• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.

The Rewards and Risks of Information Technology

Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.

The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.

Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.

Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.

Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.

CYBERSECURITY PERSONAL

Heightened concern

For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.

Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.

With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company's initiatives.

Introduction

The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.

Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.

Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.

Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.

Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.

According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.

How prepared are we?

Attacks

The risks – where's the upside?

Regulatory Focus Areas and Industry Activities

A Perfect Storm brewing

Questions we need to ask related to Cyber Risk

Case study

Key questions to be addressed

Cyber Risk Maturity Framework: Know where you are

What is at stake

Potential impacts and possible implications for the board include:

• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
• Legal expenses, including damages for data privacy breaches, compensation for delays, regulatory fines and the cost associated with defense
• Property losses of stock or information, leading to delays or failure to deliver
• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels

Continue to connect the dots with metrics

It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).

Considerations would include:

• Which KPIs are on your cyber risk dashboard?
• Is your organisation achieving the cyber risk targets it has formulated?
• How do the KPIs for cyber risks relate to those of your peers?

Conclusions

We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.

Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.

Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.

SHARING 2017 Predictions

Q & As

T: +603 – 2381 1900  F: +603 - 7611 0707
e-mail: ramesh@fridayconcepts.com
www.insterp.com

Page 2: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

A Fellow of the Institute of Chartered Accountants in England and Wales (ICAEW) as well as the Malaysian Institute of Accountants (MIA)

a Certified Risk Professional (CRP) a certified Enterprise Risk Manager (ERM) a certified Islamic Enterprise Risk Manager (ERMi) a

Qualified Risk Director (QRD) and a Qualified Risk Auditor (QRA) Ramesh was also a Regional Director for the Global Association of

Risk Professionals (GARP) and was instrumental in the creation of the Malaysian chapter of the Professional Risk Managers International

Association (PRMIA) He is an Islamic and Conventional Risk Management resource for the Qatar Investment Authority and is listed in their

Q-Finance Directory Ramesh was a former Risk Management mentor on the ICEAWrsquos Regional F-TEN program and is a member of the

Advisory Board and also on the Panel of Experts of the GlobalRisk Community Ramesh has also been named a Paul Harris Fellow of the

Rotary Foundation of Rotary International in appreciation of tangible and significant assistance given for the furtherance of better

understanding and friendly relations among peoples of the world

With over 30 years of Risk Management experience he is also a recognised Global pioneer in Enterprise Risk Management and in the

implementation of ISO 31000 ISO 31004 and 31010 practices Ramesh started his career with Price Waterhousersquos Financial Institutions

specialism in London gaining experience in Audit Consultancy and Corporate Finance assignments Succeeding the seven years there he

went on to become the Director of Finance and Administration at Picker International Ltd in London In 1994 he spent a year as the Chief

Financial Officer of Rank Video Services (Europe) Limited before accepting a more challenging job experience through an international

assignment Ramesh was handling the responsibilities of a few roles and travelling between Singapore Malaysia and Indonesia as the Acting

Regional Financial Controller cum Senior Regional Financial Analyst as well as the Indonesian Financial Controller as well as Deputy

Country Head for PowerGen International a FTSE 100 (London) listed company in the power and energy industry

Upon leaving PowerGen he headed the Portfolio Management and Credit Administration functions in Citibank before accepting a position in

a National Asset Management Company as the General Manager of the Risk Management Division There Ramesh was responsible for

establishing the Enterprise Risk Management function and Risk Management Policy as well as formulating and documenting the various

procedures and policies relating to the Operations of the National Asset Management Company During his tenure there Ramesh spent a year

on secondment to helliphelliphelliphelliphelliphelliphellip(continued on next page)

Ramesh Pillai ndash Chairman Board of Governors Institute of Enterprise Risk Practitioners

Ramesh Pillai is the Chairman of the Board of Governors of the International Institute of Enterprise Risk Practitioners(IERP) as well as being the Group Managing Director of Friday Concepts an International ERM (Conventional andIslamic) BCM Governance Risk Management and Compliance boutique consultancy He is currently a Director ofthree leading Financial Institutions and a former Director of one Developmental Financial Institution His Boardexperience encompasses chairing the Board Risk Management Committee and Board Audit Committee and being amember of the Board Collaboration Committee Investment Committee and Remuneration Committee He is also anominee Director for a Regional Central Bank Additionally Ramesh is the former Risk Management Adviser to thePublic Trustee and one of the largest fund managers in the Region as well as to one of the largest Islamic fund managersin the Region Ramesh holds a Bachelor of Economics with Accountancy (Honours) degree from LoughboroughUniversity in the UK As part of his degree course Ramesh specialised in Economics and Banking in general andIslamic Banking in particular

2

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

the Central Bank where he was involved in heading a national interest project working closely with the Central Bankrsquos staff in general and

the Bank Regulations Bank Supervision and Islamic Banking teams in particular He was also involved in presentations to the National

Syariah Advisory Council in an advisory capacity

Following his assignment at the Central Bank Ramesh moved back into the Banking sector where he was the Chief Risk Officer for

regional Conventional and International Islamic Banks His responsibilities included guiding and coordinating the grouprsquos Operational and

Enterprise Risk Management initiatives

Ramesh is also a member of the MBA (Enterprise Risk Management) Studies Committee in a leading Private University He has published

articles in international publications presented various papers on Risk Management in general and Enterprise Risk Management in

particular Corporate Governance and Bank restructuring issues at National Regional and International forums and is currently writing a

book on Enterprise Risk Management

Ramesh Pillai ndash Chairman Board of Governors Institute of Enterprise Risk Practitionershelliphellipcontrsquod

3

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

About the Institute of Enterprise Risk Practitioners (IERP®)

In today's increasingly digitalised and highly inter-connected and competitive business world, disruption and turmoil have become the new norm. Boards and business professionals are constantly looking out for that extra edge to provide and ensure organisational sustainability, resilience and agility – the cornerstone and end-game of Enterprise Risk Management (ERM).

Recognising this critical need for sound ERM knowledge and good ERM practices across all organisational layers and business sectors, THE INSTITUTE OF ENTERPRISE RISK PRACTITIONERS (IERP®) was established by dedicated and highly experienced Board Directors and industry practitioners to holistically address these shortfalls and to make these skills accessible globally.

The IERP®'s pioneering, innovative and global industry-leading training and certification programs are designed for all levels of stakeholders in any organisation who, in one way or other, deal or struggle with Governance, Risk and Compliance (GRC) issues in their daily operations and/or decision-making. All of the IERP®'s programs incorporate practical learning methodologies and promote international ERM standards and practices in a practical and commercial context, as well as to highlight ERM's linkage to strategy, performance, ethics, Business Continuity and good corporate governance.

Membership of the IERP® and participation on the IERP®'s programs is critical for Visionary Boards, business leaders and business professionals who are looking for something that will set them apart from the crowd and launch them on a trajectory to strategic excellence.


The IERP®'s Certification Framework

[Figure: certification framework diagram with the labels Risk Assurance, Risk Oversight, Risk Drivers, Risk Champions, Risk Leaders, and BCM (Business Continuity Management)]


Selection of the Participants of the IERP® Program


Corporate Profile of Friday Concepts

Friday Concepts, the consulting arm of the IERP®, specialises in ERM, Governance, BCM and Islamic ERM.

Sample of services provided:
• Enterprise Risk Management
• Enterprise Governance
• Business Continuity Management
• Investment Risk Management
• Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of Islamic Banks and Takaful Companies)
• Financial Risk Management (including Credit, Operational and Market Risk)
• ERM and Strategy support to Boards and Senior Management teams
• Strategy Consulting
• Training

Offices in Kuala Lumpur, Singapore and Jakarta, United States and Oman

Experienced in Public and Private sector organisations

Consultants are Risk Management practitioners with International experience across a wide range of industries, including:
• State and other Development Agencies
• Manufacturing
• Financial Services
• Property Development Management
• Healthcare Services
• Shipping
• Entertainment
• Oil & Gas
• Government/Regulators
• Plantations

Practical approach to assignments and problem solving


Selection of clients our Consultants have been associated with


FRIDAY's Interpretation of Sustainability

Think broadly about Value

A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability

• Think broadly about issues and impacts
• Engage and partner with stakeholders
• Make connections & integrate sustainability within and across our business


Business and Sustainability

[Figure labels]
Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations, Marketing, Procurement, R&D
…

Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
…

Evolution from good to best practice …

Necessary for Commercial Resilience …

Requirements for embedding sustainability …

Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation

Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions

Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices

“… it's not about managing issues. Rather, it's about being equipped to succeed in a more complex setting …”


Value Preservation to Value Creation

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value

[Figure labels]
Operating Risk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
Future White Space

• Target Models, Lifetime Value Models
• Churn Models, Discount Engine Models
• Upsell Models, Sales Territory Models

• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars

• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee

• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships

• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees

Risk Management

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value


The Rewards and Risks of Information Technology

Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.

The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.

Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.

Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.

Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.

CYBERSECURITY PERSONAL


Heightened concern

For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.

Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.

With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company's initiatives.


Introduction

The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.

Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.

Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.

Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.

Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.

According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.


How prepared are we?


Attacks


The risks – where's the upside?


Regulatory Focus Areas and Industry Activities


A Perfect Storm brewing


Questions we need to ask related to Cyber Risk


Case study


Key questions to be addressed


Cyber Risk Maturity Framework

Know where you are


What is at stake

Potential impacts and possible implications for the board include:

• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
• Legal expenses, including damages for data privacy breaches, compensation for delays, regulatory fines and the cost associated with defense
• Property losses of stock or information, leading to delays or failure to deliver
• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels


Continue to connect the dots with metrics

It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).

Considerations would include:

• Which KPIs are on your cyber risk dashboard?
• Is your organisation achieving the cyber risk targets it has formulated?
• How do the KPIs for cyber risks relate to those of your peers?


Conclusions

We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business, and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.

Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.

Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.


SHARING 2017 Predictions


Q & As

T +603 – 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

www.insterp.com

Page 3: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

the Central Bank where he was involved in heading a national interest project working closely with the Central Bankrsquos staff in general and

the Bank Regulations Bank Supervision and Islamic Banking teams in particular He was also involved in presentations to the National

Syariah Advisory Council in an advisory capacity

Following his assignment at the Central Bank Ramesh moved back into the Banking sector where he was the Chief Risk Officer for

regional Conventional and International Islamic Banks His responsibilities included guiding and coordinating the grouprsquos Operational and

Enterprise Risk Management initiatives

Ramesh is also a member of the MBA (Enterprise Risk Management) Studies Committee in a leading Private University He has published

articles in international publications presented various papers on Risk Management in general and Enterprise Risk Management in

particular Corporate Governance and Bank restructuring issues at National Regional and International forums and is currently writing a

book on Enterprise Risk Management

Ramesh Pillai ndash Chairman Board of Governors Institute of Enterprise Risk Practitionershelliphellipcontrsquod

3

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

About the Institute of Enterprise Risk

Practitioners (IERPreg)In todayrsquos increasingly digitalised and highly inter-connected and competitive business worlddisruption and turmoil has become the new norm Boards and business professionals areconstantly looking out for that extra edge to provide and ensure organisational sustainabilityresilience and agility ndash the cornerstone and end-game of Enterprise Risk Management (ERM)

Recognising this critical need for sound ERM knowledge and good ERM practices across allorganisational layers and business sectors THE INSTITUTE OF ENTERPRISE RISKPRACTITIONERS (IERPreg) was established by dedicated and highly experienced BoardDirectors and industry practitioners to holistically address these shortfalls and to make theseskills accessible globally

The IERPregrsquos pioneering innovative and global industry-leading training and certificationprograms are designed for all levels of stakeholders in any organisation who in one way or otherdeal or struggle with Governance Risk and Compliance (GRC) issues in their daily operationsandor decision-making All of the IERPregrsquos programs incorporate practical learningmethodologies and promote international ERM standards and practices in a practical andcommercial context as well as to highlight ERMrsquos linkage to strategy performance ethicsBusiness Continuity and good corporate governance

Membership of the IERPreg and participation on the IERPregrsquos programs is critical for VisionaryBoards business leaders and business professionals who are looking for something that will setthem apart from the crowd and launch them on a trajectory to strategic excellence 4

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

RIS

KA

SSU

RA

NC

E

RISKOVERSIGHT

RISK DRIVERS

RISKCHAMPIONS

The IERPregrsquos Certification Framework

RISK LEADERS

BCM

BUSINESS CONTINUITY MANAGEMENT

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Selection of the Participants of the IERPreg Program

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Corporate Profile of Friday Concepts Friday Concepts the consulting arm of the IERPreg specialises in ERM Governance BCM

and Islamic ERM

Sample of services provided

Enterprise Risk Management

Enterprise Governance

Business Continuity Management

Investment Risk Management

Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of

Islamic Banks and Takaful Companies)

Financial Risk Management (including Credit Operational and Market Risk)

ERM and Strategy support to Boards and Senior Management teams

Strategy Consulting

Training

Offices in Kuala Lumpur Singapore and Jakarta United States and Oman

Experienced in Public and Private sector organisations

Consultants are Risk Management practitioners with International experience across a wide

range of industries including

State and other Development Agencies Manufacturing

Financial Services Property Development Management

Healthcare Services Shipping

Entertainment Oil amp Gas

GovernmentRegulators Plantations

Practical approach to assignments and problem solving 7

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Selection of clients our Consultants have been associated with

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

Think

broadly

about

Value

A pro-active approach to ensure the long-term viability resilience and integrity of thebusiness by optimizing resource needs reducing environmental energy or socialimpacts and managing resources while not compromising profitability

Think broadly about issues and impacts

Engage and partner with stakeholders

Make connections amp integrate sustainability within and across our business

9

rsquos Interpretation of

SustainabilityFRIDAY

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

Business and Sustainability

Human Resources

VBM EHS FIRST Finance Operations

Continuous Improvement

Government Relations MarketingProcurement RampD

hellip

hellip

Climate Change

Human Rights

Economic Diversification

Water

Corruption

Governance

Biodiversity

Outsourcing

Low Cost Country Supply

hellip

Evolution from good to best practice hellip

Necessary for Commercial Resiliencehellip

Deve

lopin

g

Peo

ple

Evo

lvin

g

Busi

ness

S

yst

em

s

Enhan

cin

g

Sta

keho

lder

Cap

abil

itie

s

Req

uir

em

en

ts fo

r em

bed

din

g s

ust

ain

ab

ilit

y hellip

Developing Peoplebull Recruitment and retention

strategies bull Leadership and individual

developmentbull Trainingbull Competencies based on

sustainabilitybull Annual objectivesbull Compensation

Evolving Business Systems amp Valuation

Approachbull 5 year plan bull Annual planbull Capital Allocationbull Quarterly Business

Performance Reviewbull Intangible value

determined and included in business decisions

Enhancing Stakeholder Capabilities

bull Company-wide guidance

bull Indigenous Policybull Human Rights aspects

integrated in current practices

ldquohellip itrsquos not about managing issues Rather itrsquos about being

equipped to succeed in a more complex setting helliprdquo

10

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value

OperatingRisk

Credit Risk

Model Risk

Entrepreneurial Risk

Regulatory Compliance Risk

FutureWhite Space

bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models

bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars

bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee

bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships

bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees

Risk Management

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value

Value Preservation to Value Creation

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

The Rewards and Risks of

Information Technology Virtually every essential business function performed today uses information

technology making IT both a key business enabler and a critical business risk

The task of balancing business and employee demands for greater connectivity and

access to information with the security concerns that may arise from granting those

requests is complex and challenging

Each device or software application used can help facilitate new business

opportunities but those technologies also have the potential to be used to infiltrate or

harm the business

Balancing the rewards and risks associated with the use of smart phones and other

mobile devices by employees andor board members is just one example of the

growing challenges that Boards and corporate cybersecurity professionals face

Mobile devices facilitate working remotely but the microphones and cameras in those

devices that enable business functionality can also be activated remotely to record and

monitor communications in real time creating a potential risk that important financial

and strategic data could be compromised 12CYBERSECURITY

PERSONAL

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Heightened concern

For many companies 2013 marked the year that responsibility for oversight of

cybersecurity moved from the IT department to the boardroom

Publicity surrounding Chinarsquos growing cyber army massive theft of information

by trusted insiders like Edward Snowden and large data breaches such as the

one experienced by Target Corporation in December 2013 all helped to elevate

cyber risk to the forefront for business executives

With so much at stake for a business - financial loss operational disruption

competitive disadvantage legal liability and harm to corporate reputation - the

question for corporate directors and officers is not whether to become involved

in cyber risk management but how to appropriately oversee their companyrsquos

initiatives

13

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Introduction The costs of a cyber attack can be significant To protect finances liability reputation

and future growth corporate boards must ensure that their companies have appropriate

processes in place to manage cyber risk in the context of their business

Cyber attacks and data leakage are daily threats to organisations globally reminding us

that we are all potential targets of this type of threat

Lawyers are discussing the potential risk of individual liability for corporate directors

who do not take appropriate responsibility for oversight of cybersecurity

Investors and regulators are increasingly challenging boards to step up their oversight of

cybersecurity and calling for greater transparency around major breaches and the impact

they have on the business

Given this environment it is not surprising that cyber risk is now near the top of board

and audit committee agendas

According to a KPMG Global Audit Committee Survey nearly 45 percent of audit

committees in the United States have primary oversight responsibility for cybersecurity

risk yet only 25 percent say that the quality of the information they receive about

cybersecurity is good 14

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

15

How prepared are we

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Attacks


The risks – where's the upside?


Regulatory Focus Areas and Industry Activities


A Perfect Storm brewing


Questions we need to ask related to Cyber Risk


Case study


Key questions to be addressed


Cyber Risk Maturity Framework

Know where you are


What is at stake

Potential impacts and possible implications for the board include:

• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data
• Legal expenses, including damages for data privacy breaches/compensation for delays, regulatory fines and the cost associated with defense
• Property losses of stock or information, leading to delays or failure to deliver
• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers
• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities
• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels


Continue to connect the dots with metrics

It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).

Considerations would include:

• Which KPIs are on your cyber risk dashboard?
• Is your organisation achieving the cyber risk targets it has formulated?
• How do the KPIs for cyber risks relate to those of your peers?


Conclusions

We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business, and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.

Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.

Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.

SHARING 2017 Predictions


Q&As

T +603 – 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

www.insterp.com


About the Institute of Enterprise Risk Practitioners (IERP®)

In today's increasingly digitalised and highly inter-connected and competitive business world, disruption and turmoil has become the new norm. Boards and business professionals are constantly looking out for that extra edge to provide and ensure organisational sustainability, resilience and agility – the cornerstone and end-game of Enterprise Risk Management (ERM).

Recognising this critical need for sound ERM knowledge and good ERM practices across all organisational layers and business sectors, THE INSTITUTE OF ENTERPRISE RISK PRACTITIONERS (IERP®) was established by dedicated and highly experienced Board Directors and industry practitioners to holistically address these shortfalls and to make these skills accessible globally.

The IERP®'s pioneering, innovative and global industry-leading training and certification programs are designed for all levels of stakeholders in any organisation who in one way or other deal or struggle with Governance, Risk and Compliance (GRC) issues in their daily operations and/or decision-making. All of the IERP®'s programs incorporate practical learning methodologies and promote international ERM standards and practices in a practical and commercial context, as well as to highlight ERM's linkage to strategy, performance, ethics, Business Continuity and good corporate governance.

Membership of the IERP® and participation on the IERP®'s programs is critical for Visionary Boards, business leaders and business professionals who are looking for something that will set them apart from the crowd and launch them on a trajectory to strategic excellence.


The IERP®'s Certification Framework

[Figure: certification framework diagram with the labels Risk Assurance, Risk Oversight, Risk Drivers, Risk Champions, Risk Leaders and BCM (Business Continuity Management)]


Selection of the Participants of the IERP® Program


Corporate Profile of Friday Concepts

Friday Concepts, the consulting arm of the IERP®, specialises in ERM, Governance, BCM and Islamic ERM.

Sample of services provided:

• Enterprise Risk Management
• Enterprise Governance
• Business Continuity Management
• Investment Risk Management
• Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of Islamic Banks and Takaful Companies)
• Financial Risk Management (including Credit, Operational and Market Risk)
• ERM and Strategy support to Boards and Senior Management teams
• Strategy Consulting
• Training

Offices in Kuala Lumpur, Singapore and Jakarta, United States and Oman

Experienced in Public and Private sector organisations

Consultants are Risk Management practitioners with International experience across a wide range of industries, including:

• State and other Development Agencies
• Manufacturing
• Financial Services
• Property Development Management
• Healthcare Services
• Shipping
• Entertainment
• Oil & Gas
• Government/Regulators
• Plantations

Practical approach to assignments and problem solving


Selection of clients our Consultants have been associated with


FRIDAY's Interpretation of Sustainability

Think broadly about Value

A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability.

• Think broadly about issues and impacts
• Engage and partner with stakeholders
• Make connections & integrate sustainability within and across our business


Business and Sustainability

Human Resources

VBM EHS FIRST Finance Operations

Continuous Improvement

Government Relations Marketing Procurement R&D

…

Climate Change

Human Rights

Economic Diversification

Water

Corruption

Governance

Biodiversity

Outsourcing

Low Cost Country Supply

…

Evolution from good to best practice …

Necessary for Commercial Resilience …

Requirements for embedding sustainability …

Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation

Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions

Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices

"… it's not about managing issues. Rather, it's about being equipped to succeed in a more complex setting …"


Value Preservation to Value Creation

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.

Risk Management

Operating Risk

Credit Risk

Model Risk

Entrepreneurial Risk

Regulatory Compliance Risk

Future White Space

• Target Models Lifetime Value Models
• Churn Models Discount Engine Models
• Upsell Models Sales Territory Models

• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars

• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee

• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships

• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.


The Rewards and Risks of Information Technology

Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.

The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.

Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.

Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.

Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.

CYBERSECURITY

PERSONAL


Heightened concern

For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.

Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.

With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company's initiatives.


Page 5: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

RIS

KA

SSU

RA

NC

E

RISKOVERSIGHT

RISK DRIVERS

RISKCHAMPIONS

The IERPregrsquos Certification Framework

RISK LEADERS

BCM

BUSINESS CONTINUITY MANAGEMENT

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Selection of the Participants of the IERPreg Program

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Corporate Profile of Friday Concepts Friday Concepts the consulting arm of the IERPreg specialises in ERM Governance BCM

and Islamic ERM

Sample of services provided

Enterprise Risk Management

Enterprise Governance

Business Continuity Management

Investment Risk Management

Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of

Islamic Banks and Takaful Companies)

Financial Risk Management (including Credit Operational and Market Risk)

ERM and Strategy support to Boards and Senior Management teams

Strategy Consulting

Training

Offices in Kuala Lumpur Singapore and Jakarta United States and Oman

Experienced in Public and Private sector organisations

Consultants are Risk Management practitioners with International experience across a wide

range of industries including

State and other Development Agencies Manufacturing

Financial Services Property Development Management

Healthcare Services Shipping

Entertainment Oil amp Gas

GovernmentRegulators Plantations

Practical approach to assignments and problem solving 7

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Selection of clients our Consultants have been associated with

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

Think

broadly

about

Value

A pro-active approach to ensure the long-term viability resilience and integrity of thebusiness by optimizing resource needs reducing environmental energy or socialimpacts and managing resources while not compromising profitability

Think broadly about issues and impacts

Engage and partner with stakeholders

Make connections amp integrate sustainability within and across our business

9

rsquos Interpretation of

SustainabilityFRIDAY

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

Business and Sustainability

Human Resources

VBM EHS FIRST Finance Operations

Continuous Improvement

Government Relations MarketingProcurement RampD

hellip

hellip

Climate Change

Human Rights

Economic Diversification

Water

Corruption

Governance

Biodiversity

Outsourcing

Low Cost Country Supply

hellip

Evolution from good to best practice hellip

Necessary for Commercial Resiliencehellip

Deve

lopin

g

Peo

ple

Evo

lvin

g

Busi

ness

S

yst

em

s

Enhan

cin

g

Sta

keho

lder

Cap

abil

itie

s

Req

uir

em

en

ts fo

r em

bed

din

g s

ust

ain

ab

ilit

y hellip

Developing Peoplebull Recruitment and retention

strategies bull Leadership and individual

developmentbull Trainingbull Competencies based on

sustainabilitybull Annual objectivesbull Compensation

Evolving Business Systems amp Valuation

Approachbull 5 year plan bull Annual planbull Capital Allocationbull Quarterly Business

Performance Reviewbull Intangible value

determined and included in business decisions

Enhancing Stakeholder Capabilities

bull Company-wide guidance

bull Indigenous Policybull Human Rights aspects

integrated in current practices

ldquohellip itrsquos not about managing issues Rather itrsquos about being

equipped to succeed in a more complex setting helliprdquo

10

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value

OperatingRisk

Credit Risk

Model Risk

Entrepreneurial Risk

Regulatory Compliance Risk

FutureWhite Space

bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models

bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars

bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee

bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships

bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees

Risk Management

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value

Value Preservation to Value Creation

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

The Rewards and Risks of

Information Technology Virtually every essential business function performed today uses information

technology making IT both a key business enabler and a critical business risk

The task of balancing business and employee demands for greater connectivity and

access to information with the security concerns that may arise from granting those

requests is complex and challenging

Each device or software application used can help facilitate new business

opportunities but those technologies also have the potential to be used to infiltrate or

harm the business

Balancing the rewards and risks associated with the use of smart phones and other

mobile devices by employees andor board members is just one example of the

growing challenges that Boards and corporate cybersecurity professionals face

Mobile devices facilitate working remotely but the microphones and cameras in those

devices that enable business functionality can also be activated remotely to record and

monitor communications in real time creating a potential risk that important financial

and strategic data could be compromised 12CYBERSECURITY

PERSONAL

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Heightened concern

For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.

Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.

With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company's initiatives.

Introduction

The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.

Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.

Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.

Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.

Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.

According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.

How prepared are we?

Attacks

The risks – where's the upside?

Regulatory Focus Areas and Industry Activities

A Perfect Storm brewing

Questions we need to ask related to Cyber Risk

Case study

Key questions to be addressed

Cyber Risk Maturity Framework

Know where you are

What is at stake

Potential impacts and possible implications for the board include:

• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data

• Legal expenses, including damages for data privacy breaches/compensation for delays, regulatory fines and the cost associated with defense

• Property losses of stock or information, leading to delays or failure to deliver

• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers

• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities

• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels

Continue to connect the dots with metrics

It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).

Considerations would include:

• Which KPIs are on your cyber risk dashboard?

• Is your organisation achieving the cyber risk targets it has formulated?

• How do the KPIs for cyber risks relate to those of your peers?

Conclusions

We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.

Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.

Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.

SHARING 2017 Predictions

Q & As

T +603 – 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

www.insterp.com

Selection of the Participants of the IERP® Program

Corporate Profile of Friday Concepts

Friday Concepts, the consulting arm of the IERP®, specialises in ERM, Governance, BCM and Islamic ERM.

Sample of services provided:

• Enterprise Risk Management
• Enterprise Governance
• Business Continuity Management
• Investment Risk Management
• Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of Islamic Banks and Takaful Companies)
• Financial Risk Management (including Credit, Operational and Market Risk)
• ERM and Strategy support to Boards and Senior Management teams
• Strategy Consulting
• Training

Offices in Kuala Lumpur, Singapore and Jakarta, United States and Oman

Experienced in Public and Private sector organisations

Consultants are Risk Management practitioners with International experience across a wide range of industries, including:

• State and other Development Agencies
• Manufacturing
• Financial Services
• Property Development Management
• Healthcare Services
• Shipping
• Entertainment
• Oil & Gas
• Government/Regulators
• Plantations

Practical approach to assignments and problem solving

Selection of clients our Consultants have been associated with

FRIDAY's Interpretation of Sustainability

Think broadly about Value

A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability.

• Think broadly about issues and impacts
• Engage and partner with stakeholders
• Make connections & integrate sustainability within and across our business

Business and Sustainability

Human Resources
VBM EHS FIRST Finance Operations
Continuous Improvement
Government Relations Marketing Procurement R&D
…

Climate Change
Human Rights
Economic Diversification
Water
Corruption
Governance
Biodiversity
Outsourcing
Low Cost Country Supply
…

Evolution from good to best practice …

Necessary for Commercial Resilience …

Requirements for embedding sustainability …

Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation

Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions

Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices

"… it's not about managing issues. Rather, it's about being equipped to succeed in a more complex setting …"

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.

Operating Risk
Credit Risk
Model Risk
Entrepreneurial Risk
Regulatory Compliance Risk
Future/White Space

• Target Models Lifetime Value Models
• Churn Models Discount Engine Models
• Upsell Models Sales Territory Models

• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars

• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee

• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships

• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees

Risk Management

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.

Value Preservation to Value Creation

Page 7: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Corporate Profile of Friday Concepts Friday Concepts the consulting arm of the IERPreg specialises in ERM Governance BCM

and Islamic ERM

Sample of services provided

Enterprise Risk Management

Enterprise Governance

Business Continuity Management

Investment Risk Management

Islamic Finance and Islamic Corporate Finance Advisory (including the establishment of

Islamic Banks and Takaful Companies)

Financial Risk Management (including Credit Operational and Market Risk)

ERM and Strategy support to Boards and Senior Management teams

Strategy Consulting

Training

Offices in Kuala Lumpur Singapore and Jakarta United States and Oman

Experienced in Public and Private sector organisations

Consultants are Risk Management practitioners with International experience across a wide

range of industries including

State and other Development Agencies Manufacturing

Financial Services Property Development Management

Healthcare Services Shipping

Entertainment Oil amp Gas

GovernmentRegulators Plantations

Practical approach to assignments and problem solving 7

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Selection of clients our Consultants have been associated with

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

Think

broadly

about

Value

A pro-active approach to ensure the long-term viability resilience and integrity of thebusiness by optimizing resource needs reducing environmental energy or socialimpacts and managing resources while not compromising profitability

Think broadly about issues and impacts

Engage and partner with stakeholders

Make connections amp integrate sustainability within and across our business

9

rsquos Interpretation of

SustainabilityFRIDAY

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

Business and Sustainability

Human Resources

VBM EHS FIRST Finance Operations

Continuous Improvement

Government Relations MarketingProcurement RampD

hellip

hellip

Climate Change

Human Rights

Economic Diversification

Water

Corruption

Governance

Biodiversity

Outsourcing

Low Cost Country Supply

hellip

Evolution from good to best practice hellip

Necessary for Commercial Resiliencehellip

Deve

lopin

g

Peo

ple

Evo

lvin

g

Busi

ness

S

yst

em

s

Enhan

cin

g

Sta

keho

lder

Cap

abil

itie

s

Req

uir

em

en

ts fo

r em

bed

din

g s

ust

ain

ab

ilit

y hellip

Developing Peoplebull Recruitment and retention

strategies bull Leadership and individual

developmentbull Trainingbull Competencies based on

sustainabilitybull Annual objectivesbull Compensation

Evolving Business Systems amp Valuation

Approachbull 5 year plan bull Annual planbull Capital Allocationbull Quarterly Business

Performance Reviewbull Intangible value

determined and included in business decisions

Enhancing Stakeholder Capabilities

bull Company-wide guidance

bull Indigenous Policybull Human Rights aspects

integrated in current practices

ldquohellip itrsquos not about managing issues Rather itrsquos about being

equipped to succeed in a more complex setting helliprdquo

10

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value

OperatingRisk

Credit Risk

Model Risk

Entrepreneurial Risk

Regulatory Compliance Risk

FutureWhite Space

bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models

bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars

bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee

bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships

bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees

Risk Management

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value

Value Preservation to Value Creation

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

The Rewards and Risks of

Information Technology Virtually every essential business function performed today uses information

technology making IT both a key business enabler and a critical business risk

The task of balancing business and employee demands for greater connectivity and

access to information with the security concerns that may arise from granting those

requests is complex and challenging

Each device or software application used can help facilitate new business

opportunities but those technologies also have the potential to be used to infiltrate or

harm the business

Balancing the rewards and risks associated with the use of smart phones and other

mobile devices by employees andor board members is just one example of the

growing challenges that Boards and corporate cybersecurity professionals face

Mobile devices facilitate working remotely but the microphones and cameras in those

devices that enable business functionality can also be activated remotely to record and

monitor communications in real time creating a potential risk that important financial

and strategic data could be compromised 12CYBERSECURITY

PERSONAL

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Heightened concern

For many companies 2013 marked the year that responsibility for oversight of

cybersecurity moved from the IT department to the boardroom

Publicity surrounding Chinarsquos growing cyber army massive theft of information

by trusted insiders like Edward Snowden and large data breaches such as the

one experienced by Target Corporation in December 2013 all helped to elevate

cyber risk to the forefront for business executives

With so much at stake for a business - financial loss operational disruption

competitive disadvantage legal liability and harm to corporate reputation - the

question for corporate directors and officers is not whether to become involved

in cyber risk management but how to appropriately oversee their companyrsquos

initiatives

13

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Introduction

The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.

Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.

Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.

Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.

Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.

According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.

How prepared are we?

Attacks

The risks – where's the upside?

Regulatory Focus Areas and Industry Activities

A Perfect Storm brewing

Questions we need to ask related to Cyber Risk

Case study

Key questions to be addressed

Cyber Risk Maturity Framework

Know where you are

What is at stake

Potential impacts and possible implications for the board include:

• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data

• Legal expenses, including damages for data privacy breaches/compensation for delays, regulatory fines and the cost associated with defense

• Property losses of stock or information, leading to delays or failure to deliver

• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers

• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities

• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels

Continue to connect the dots with metrics

It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).

Considerations would include:

• Which KPIs are on your cyber risk dashboard?

• Is your organisation achieving the cyber risk targets it has formulated?

• How do the KPIs for cyber risks relate to those of your peers?

Conclusions

We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business, and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.

Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.

Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.

SHARING 2017 Predictions

Q & As

T +603 – 2381 1900 F +603 – 7611 0707

e-mail rameshfridayconceptscom

www.insterp.com

Selection of clients our Consultants have been associated with

FRIDAY's Interpretation of Sustainability

Think broadly about Value

A pro-active approach to ensure the long-term viability, resilience and integrity of the business by optimizing resource needs, reducing environmental, energy or social impacts, and managing resources while not compromising profitability.

• Think broadly about issues and impacts

• Engage and partner with stakeholders

• Make connections & integrate sustainability within and across our business

Business and Sustainability

Human Resources

VBM EHS FIRST Finance Operations

Continuous Improvement

Government Relations Marketing Procurement R&D

…

Climate Change

Human Rights

Economic Diversification

Water

Corruption

Governance

Biodiversity

Outsourcing

Low Cost Country Supply

…

Evolution from good to best practice …

Necessary for Commercial Resilience …

Requirements for embedding sustainability …

Developing People

• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation

Evolving Business Systems & Valuation Approach

• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions

Enhancing Stakeholder Capabilities

• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices

"… it's not about managing issues. Rather, it's about being equipped to succeed in a more complex setting …"

Value Preservation to Value Creation

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.

Operating Risk

Credit Risk

Model Risk

Entrepreneurial Risk

Regulatory Compliance Risk

Future White Space

• Target Models, Lifetime Value Models
• Churn Models, Discount Engine Models
• Upsell Models, Sales Territory Models

• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars

• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee

• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships

• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees

Risk Management

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.

The Rewards and Risks of Information Technology

Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.

The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.

Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.

Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.

Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.


Page 9: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

Think

broadly

about

Value

A pro-active approach to ensure the long-term viability resilience and integrity of thebusiness by optimizing resource needs reducing environmental energy or socialimpacts and managing resources while not compromising profitability

Think broadly about issues and impacts

Engage and partner with stakeholders

Make connections amp integrate sustainability within and across our business

9

rsquos Interpretation of

SustainabilityFRIDAY

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

Business and Sustainability

Human Resources

VBM EHS FIRST Finance Operations

Continuous Improvement

Government Relations MarketingProcurement RampD

hellip

hellip

Climate Change

Human Rights

Economic Diversification

Water

Corruption

Governance

Biodiversity

Outsourcing

Low Cost Country Supply

hellip

Evolution from good to best practice hellip

Necessary for Commercial Resiliencehellip

Deve

lopin

g

Peo

ple

Evo

lvin

g

Busi

ness

S

yst

em

s

Enhan

cin

g

Sta

keho

lder

Cap

abil

itie

s

Req

uir

em

en

ts fo

r em

bed

din

g s

ust

ain

ab

ilit

y hellip

Developing Peoplebull Recruitment and retention

strategies bull Leadership and individual

developmentbull Trainingbull Competencies based on

sustainabilitybull Annual objectivesbull Compensation

Evolving Business Systems amp Valuation

Approachbull 5 year plan bull Annual planbull Capital Allocationbull Quarterly Business

Performance Reviewbull Intangible value

determined and included in business decisions

Enhancing Stakeholder Capabilities

bull Company-wide guidance

bull Indigenous Policybull Human Rights aspects

integrated in current practices

ldquohellip itrsquos not about managing issues Rather itrsquos about being

equipped to succeed in a more complex setting helliprdquo

10

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value

OperatingRisk

Credit Risk

Model Risk

Entrepreneurial Risk

Regulatory Compliance Risk

FutureWhite Space

bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models

bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars

bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee

bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships

bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees

Risk Management

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value

Value Preservation to Value Creation

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

The Rewards and Risks of

Information Technology Virtually every essential business function performed today uses information

technology making IT both a key business enabler and a critical business risk

The task of balancing business and employee demands for greater connectivity and

access to information with the security concerns that may arise from granting those

requests is complex and challenging

Each device or software application used can help facilitate new business

opportunities but those technologies also have the potential to be used to infiltrate or

harm the business

Balancing the rewards and risks associated with the use of smart phones and other

mobile devices by employees andor board members is just one example of the

growing challenges that Boards and corporate cybersecurity professionals face

Mobile devices facilitate working remotely but the microphones and cameras in those

devices that enable business functionality can also be activated remotely to record and

monitor communications in real time creating a potential risk that important financial

and strategic data could be compromised 12CYBERSECURITY

PERSONAL

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Heightened concern

For many companies 2013 marked the year that responsibility for oversight of

cybersecurity moved from the IT department to the boardroom

Publicity surrounding Chinarsquos growing cyber army massive theft of information

by trusted insiders like Edward Snowden and large data breaches such as the

one experienced by Target Corporation in December 2013 all helped to elevate

cyber risk to the forefront for business executives

With so much at stake for a business - financial loss operational disruption

competitive disadvantage legal liability and harm to corporate reputation - the

question for corporate directors and officers is not whether to become involved

in cyber risk management but how to appropriately oversee their companyrsquos

initiatives

13

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Introduction The costs of a cyber attack can be significant To protect finances liability reputation

and future growth corporate boards must ensure that their companies have appropriate

processes in place to manage cyber risk in the context of their business

Cyber attacks and data leakage are daily threats to organisations globally reminding us

that we are all potential targets of this type of threat

Lawyers are discussing the potential risk of individual liability for corporate directors

who do not take appropriate responsibility for oversight of cybersecurity

Investors and regulators are increasingly challenging boards to step up their oversight of

cybersecurity and calling for greater transparency around major breaches and the impact

they have on the business

Given this environment it is not surprising that cyber risk is now near the top of board

and audit committee agendas

According to a KPMG Global Audit Committee Survey nearly 45 percent of audit

committees in the United States have primary oversight responsibility for cybersecurity

risk yet only 25 percent say that the quality of the information they receive about

cybersecurity is good 14

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

15

How prepared are we

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Attacks

16

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

The risks ndash wherersquos the upside

17

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Regulatory Focus Areas and

Industry Activities

18

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

A Perfect Storm brewing

19

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Questions we need to ask related to

Cyber Risk

20

Case study

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Key questions to be addressed

21

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Cyber Risk Maturity Framework

Know where you are

22

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stake?

Potential impacts and possible implications for the board include:

• Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data

• Legal expenses, including damages for data privacy breaches, compensation for delays, regulatory fines and the cost associated with defense

• Property losses of stock or information, leading to delays or failure to deliver

• Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers

• Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities

• Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels

Continue to connect the dots with metrics

It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).

Considerations would include:

• Which KPIs are on your cyber risk dashboard?

• Is your organisation achieving the cyber risk targets it has formulated?

• How do the KPIs for cyber risks relate to those of your peers?


Conclusions

We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business, and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.

Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.

Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.

SHARING 2017 Predictions

Q & As

T: +603 - 2381 1900  F: +603 - 7611 0707

e-mail: ramesh@fridayconcepts.com

www.insterp.com


Business and Sustainability

Human Resources

VBM EHS FIRST Finance Operations

Continuous Improvement

Government Relations Marketing Procurement R&D

…

…

Climate Change

Human Rights

Economic Diversification

Water

Corruption

Governance

Biodiversity

Outsourcing

Low Cost Country Supply

…

Evolution from good to best practice …

Necessary for Commercial Resilience …

Requirements for embedding sustainability …

Developing People
• Recruitment and retention strategies
• Leadership and individual development
• Training
• Competencies based on sustainability
• Annual objectives
• Compensation

Evolving Business Systems & Valuation Approach
• 5 year plan
• Annual plan
• Capital Allocation
• Quarterly Business Performance Review
• Intangible value determined and included in business decisions

Enhancing Stakeholder Capabilities
• Company-wide guidance
• Indigenous Policy
• Human Rights aspects integrated in current practices

"… it's not about managing issues. Rather, it's about being equipped to succeed in a more complex setting …"


The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value.

Operating Risk

Credit Risk

Model Risk

Entrepreneurial Risk

Regulatory Compliance Risk

Future/White Space

• Target Models, Lifetime Value Models
• Churn Models, Discount Engine Models
• Upsell Models, Sales Territory Models

• Public Relations & Marketing Initiatives
• Industry Coalitions
• Client/CPA Webinars

• EDI Program
• RCX Stale Date Fees
• Taxpay Premium Processing Fee

• Federal Deposit Frequency Program
• Client Penalty Abatement Service
• IRS/Paychex Partnerships

• $100M Revenue Over Past 5 Years
• EGTRRA Restatement
• PBS HRO 401(k) Service Fees

Risk Management

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value.

Value Preservation to Value Creation


The Rewards and Risks of Information Technology

Virtually every essential business function performed today uses information technology, making IT both a key business enabler and a critical business risk.

The task of balancing business and employee demands for greater connectivity and access to information with the security concerns that may arise from granting those requests is complex and challenging.

Each device or software application used can help facilitate new business opportunities, but those technologies also have the potential to be used to infiltrate or harm the business.

Balancing the rewards and risks associated with the use of smart phones and other mobile devices by employees and/or board members is just one example of the growing challenges that Boards and corporate cybersecurity professionals face.

Mobile devices facilitate working remotely, but the microphones and cameras in those devices that enable business functionality can also be activated remotely to record and monitor communications in real time, creating a potential risk that important financial and strategic data could be compromised.

CYBERSECURITY PERSONAL


Heightened concern

For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.

Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.

With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company's initiatives.


Introduction

The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.

Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.

Lawyers are discussing the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.

Investors and regulators are increasingly challenging boards to step up their oversight of cybersecurity and calling for greater transparency around major breaches and the impact they have on the business.

Given this environment, it is not surprising that cyber risk is now near the top of board and audit committee agendas.

According to a KPMG Global Audit Committee Survey, nearly 45 percent of audit committees in the United States have primary oversight responsibility for cybersecurity risk, yet only 25 percent say that the quality of the information they receive about cybersecurity is good.

How prepared are we?

Attacks

The risks – where's the upside?

Regulatory Focus Areas and Industry Activities

A Perfect Storm brewing

19

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Questions we need to ask related to

Cyber Risk

20

Case study

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Key questions to be addressed

21

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Cyber Risk Maturity Framework

Know where you are

22

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stakePotential impacts and possible implications for the board include

Intellectual property losses including patented information and trademarked

material client lists and commercially sensitive data

Legal expenses including damages for data privacy breachescompensation for

delays regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss which may lead to a decline in market value and loss of

goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach

occurred and what information (if any) was lost keeping shareholders advised

and explaining what occurred to regulatory authorities

Administrative cost to correct the impact such as restoring client confidence

communications to authorities replacing property and restoring the

organisationrsquos business to its previous levels23

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery Taking a

proactive approach to improving cybersecurity governance - connecting the dots

between IT and the business and providing the board with the information

it needs - can help position the company and the board to more selectively address

the evolving threat and implications of a major cybersecurity breach

Since many global organisations have been victims of cyber crime over recent years

board oversight of cybersecurity is no longer just a leading practice - it is a

necessity

Investors governments and global regulators are increasingly challenging

board members to actively demonstrate diligence in this area

Regulators expect personal information to be protected and systems to be resilient to

both accidental data leakage and deliberate attacks

25

SHARING 2017 Predictions

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Q amp As

T +603 ndash 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

wwwinsterpcom 26

Page 11: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

FRIDAYThis document is confidential and unless otherwise stated all copyright belongs to Friday Concepts (International) Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts (International) is strictly prohibited

The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value

OperatingRisk

Credit Risk

Model Risk

Entrepreneurial Risk

Regulatory Compliance Risk

FutureWhite Space

bullTarget Models Lifetime Value ModelsbullChurn Models Discount Engine ModelsbullUpsell Models Sales Territory Models

bullPublic Relations amp Marketing InitiativesbullIndustry CoalitionsbullClientCPA Webinars

bullEDI ProgrambullRCX Stale Date FeesbullTaxpay Premium Processing Fee

bullFederal Deposit Frequency ProgrambullClient Penalty Abatement ServicebullIRSPaychex Partnerships

bull$100M Revenue Over Past 5 YearsbullEGTRRA RestatementbullPBS HRO 401(k) Service Fees

Risk Management

A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value

Value Preservation to Value Creation

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

The Rewards and Risks of

Information Technology Virtually every essential business function performed today uses information

technology making IT both a key business enabler and a critical business risk

The task of balancing business and employee demands for greater connectivity and

access to information with the security concerns that may arise from granting those

requests is complex and challenging

Each device or software application used can help facilitate new business

opportunities but those technologies also have the potential to be used to infiltrate or

harm the business

Balancing the rewards and risks associated with the use of smart phones and other

mobile devices by employees andor board members is just one example of the

growing challenges that Boards and corporate cybersecurity professionals face

Mobile devices facilitate working remotely but the microphones and cameras in those

devices that enable business functionality can also be activated remotely to record and

monitor communications in real time creating a potential risk that important financial

and strategic data could be compromised 12CYBERSECURITY

PERSONAL

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Heightened concern

For many companies 2013 marked the year that responsibility for oversight of

cybersecurity moved from the IT department to the boardroom

Publicity surrounding Chinarsquos growing cyber army massive theft of information

by trusted insiders like Edward Snowden and large data breaches such as the

one experienced by Target Corporation in December 2013 all helped to elevate

cyber risk to the forefront for business executives

With so much at stake for a business - financial loss operational disruption

competitive disadvantage legal liability and harm to corporate reputation - the

question for corporate directors and officers is not whether to become involved

in cyber risk management but how to appropriately oversee their companyrsquos

initiatives

13

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Introduction The costs of a cyber attack can be significant To protect finances liability reputation

and future growth corporate boards must ensure that their companies have appropriate

processes in place to manage cyber risk in the context of their business

Cyber attacks and data leakage are daily threats to organisations globally reminding us

that we are all potential targets of this type of threat

Lawyers are discussing the potential risk of individual liability for corporate directors

who do not take appropriate responsibility for oversight of cybersecurity

Investors and regulators are increasingly challenging boards to step up their oversight of

cybersecurity and calling for greater transparency around major breaches and the impact

they have on the business

Given this environment it is not surprising that cyber risk is now near the top of board

and audit committee agendas

According to a KPMG Global Audit Committee Survey nearly 45 percent of audit

committees in the United States have primary oversight responsibility for cybersecurity

risk yet only 25 percent say that the quality of the information they receive about

cybersecurity is good 14

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

15

How prepared are we

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Attacks

16

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

The risks ndash wherersquos the upside

17

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Regulatory Focus Areas and

Industry Activities

18

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

A Perfect Storm brewing

19

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Questions we need to ask related to

Cyber Risk

20

Case study

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Key questions to be addressed

21

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Cyber Risk Maturity Framework

Know where you are

22

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stakePotential impacts and possible implications for the board include

Intellectual property losses including patented information and trademarked

material client lists and commercially sensitive data

Legal expenses including damages for data privacy breachescompensation for

delays regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss which may lead to a decline in market value and loss of

goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach

occurred and what information (if any) was lost keeping shareholders advised

and explaining what occurred to regulatory authorities

Administrative cost to correct the impact such as restoring client confidence

communications to authorities replacing property and restoring the

organisationrsquos business to its previous levels23

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery Taking a

proactive approach to improving cybersecurity governance - connecting the dots

between IT and the business and providing the board with the information

it needs - can help position the company and the board to more selectively address

the evolving threat and implications of a major cybersecurity breach

Since many global organisations have been victims of cyber crime over recent years

board oversight of cybersecurity is no longer just a leading practice - it is a

necessity

Investors governments and global regulators are increasingly challenging

board members to actively demonstrate diligence in this area

Regulators expect personal information to be protected and systems to be resilient to

both accidental data leakage and deliberate attacks

25

SHARING 2017 Predictions

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Q amp As

T +603 ndash 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

wwwinsterpcom 26

Page 12: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

The Rewards and Risks of

Information Technology Virtually every essential business function performed today uses information

technology making IT both a key business enabler and a critical business risk

The task of balancing business and employee demands for greater connectivity and

access to information with the security concerns that may arise from granting those

requests is complex and challenging

Each device or software application used can help facilitate new business

opportunities but those technologies also have the potential to be used to infiltrate or

harm the business

Balancing the rewards and risks associated with the use of smart phones and other

mobile devices by employees andor board members is just one example of the

growing challenges that Boards and corporate cybersecurity professionals face

Mobile devices facilitate working remotely but the microphones and cameras in those

devices that enable business functionality can also be activated remotely to record and

monitor communications in real time creating a potential risk that important financial

and strategic data could be compromised 12CYBERSECURITY

PERSONAL

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Heightened concern

For many companies 2013 marked the year that responsibility for oversight of

cybersecurity moved from the IT department to the boardroom

Publicity surrounding Chinarsquos growing cyber army massive theft of information

by trusted insiders like Edward Snowden and large data breaches such as the

one experienced by Target Corporation in December 2013 all helped to elevate

cyber risk to the forefront for business executives

With so much at stake for a business - financial loss operational disruption

competitive disadvantage legal liability and harm to corporate reputation - the

question for corporate directors and officers is not whether to become involved

in cyber risk management but how to appropriately oversee their companyrsquos

initiatives

13

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Introduction The costs of a cyber attack can be significant To protect finances liability reputation

and future growth corporate boards must ensure that their companies have appropriate

processes in place to manage cyber risk in the context of their business

Cyber attacks and data leakage are daily threats to organisations globally reminding us

that we are all potential targets of this type of threat

Lawyers are discussing the potential risk of individual liability for corporate directors

who do not take appropriate responsibility for oversight of cybersecurity

Investors and regulators are increasingly challenging boards to step up their oversight of

cybersecurity and calling for greater transparency around major breaches and the impact

they have on the business

Given this environment it is not surprising that cyber risk is now near the top of board

and audit committee agendas

According to a KPMG Global Audit Committee Survey nearly 45 percent of audit

committees in the United States have primary oversight responsibility for cybersecurity

risk yet only 25 percent say that the quality of the information they receive about

cybersecurity is good 14

How prepared are we?

Attacks

The risks - where's the upside?

Regulatory Focus Areas and Industry Activities

A Perfect Storm brewing

Questions we need to ask related to Cyber Risk

Case study

Key questions to be addressed

Cyber Risk Maturity Framework

Know where you are

What is at stake

Potential impacts and possible implications for the board include:

Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data

Legal expenses, including damages for data privacy breaches/compensation for delays, regulatory fines and the cost associated with defense

Property losses of stock or information, leading to delays or failure to deliver

Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities

Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels

Continue to connect the dots with metrics

It is important to assess and benchmark the value of the framework by using Key Performance Indicators (KPIs).

Considerations would include:

Which KPIs are on your cyber risk dashboard?

Is your organisation achieving the cyber risk targets it has formulated?

How do the KPIs for cyber risks relate to those of your peers?


Conclusions

We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business, and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.

Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.

Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.

SHARING 2017 Predictions

Q & As

T +603 - 2381 1900 F +603 - 7611 0707

e-mail ramesh@fridayconcepts.com

www.insterp.com


Heightened concern

For many companies, 2013 marked the year that responsibility for oversight of cybersecurity moved from the IT department to the boardroom.

Publicity surrounding China's growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches such as the one experienced by Target Corporation in December 2013 all helped to elevate cyber risk to the forefront for business executives.

With so much at stake for a business - financial loss, operational disruption, competitive disadvantage, legal liability and harm to corporate reputation - the question for corporate directors and officers is not whether to become involved in cyber risk management but how to appropriately oversee their company's initiatives.


Introduction

The costs of a cyber attack can be significant. To protect finances, liability, reputation and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.

Cyber attacks and data leakage are daily threats to organisations globally, reminding us that we are all potential targets of this type of threat.

Page 16: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Attacks

16

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

The risks ndash wherersquos the upside

17

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Regulatory Focus Areas and

Industry Activities

18

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

A Perfect Storm brewing

19

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Questions we need to ask related to

Cyber Risk

20

Case study

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Key questions to be addressed

21

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Cyber Risk Maturity Framework

Know where you are

22

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stakePotential impacts and possible implications for the board include

Intellectual property losses including patented information and trademarked

material client lists and commercially sensitive data

Legal expenses including damages for data privacy breachescompensation for

delays regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss which may lead to a decline in market value and loss of

goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach

occurred and what information (if any) was lost keeping shareholders advised

and explaining what occurred to regulatory authorities

Administrative cost to correct the impact such as restoring client confidence

communications to authorities replacing property and restoring the

organisationrsquos business to its previous levels23

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business, and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.

Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.

Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.

SHARING 2017 Predictions


Q & As

T +603 - 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

www.insterp.com


The risks – where's the upside?


Regulatory Focus Areas and Industry Activities


A Perfect Storm brewing


Questions we need to ask related to Cyber Risk


Case study


Key questions to be addressed


Cyber Risk Maturity Framework

Know where you are


What is at stake?

Potential impacts and possible implications for the board include:

Intellectual property losses, including patented information and trademarked material, client lists and commercially sensitive data

Legal expenses, including damages for data privacy breaches/compensation for delays, regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss, which may lead to a decline in market value and loss of goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach occurred and what information (if any) was lost, keeping shareholders advised and explaining what occurred to regulatory authorities

Administrative cost to correct the impact, such as restoring client confidence, communications to authorities, replacing property and restoring the organisation's business to its previous levels

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery Taking a

proactive approach to improving cybersecurity governance - connecting the dots

between IT and the business and providing the board with the information

it needs - can help position the company and the board to more selectively address

the evolving threat and implications of a major cybersecurity breach

Since many global organisations have been victims of cyber crime over recent years

board oversight of cybersecurity is no longer just a leading practice - it is a

necessity

Investors governments and global regulators are increasingly challenging

board members to actively demonstrate diligence in this area

Regulators expect personal information to be protected and systems to be resilient to

both accidental data leakage and deliberate attacks

25

SHARING 2017 Predictions

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Q amp As

T +603 ndash 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

wwwinsterpcom 26

Page 18: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Regulatory Focus Areas and

Industry Activities

18

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

A Perfect Storm brewing

19

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Questions we need to ask related to

Cyber Risk

20

Case study

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Key questions to be addressed

21

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Cyber Risk Maturity Framework

Know where you are

22

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stakePotential impacts and possible implications for the board include

Intellectual property losses including patented information and trademarked

material client lists and commercially sensitive data

Legal expenses including damages for data privacy breachescompensation for

delays regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss which may lead to a decline in market value and loss of

goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach

occurred and what information (if any) was lost keeping shareholders advised

and explaining what occurred to regulatory authorities

Administrative cost to correct the impact such as restoring client confidence

communications to authorities replacing property and restoring the

organisationrsquos business to its previous levels23

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery Taking a

proactive approach to improving cybersecurity governance - connecting the dots

between IT and the business and providing the board with the information

it needs - can help position the company and the board to more selectively address

the evolving threat and implications of a major cybersecurity breach

Since many global organisations have been victims of cyber crime over recent years

board oversight of cybersecurity is no longer just a leading practice - it is a

necessity

Investors governments and global regulators are increasingly challenging

board members to actively demonstrate diligence in this area

Regulators expect personal information to be protected and systems to be resilient to

both accidental data leakage and deliberate attacks

25

SHARING 2017 Predictions

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Q amp As

T +603 ndash 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

wwwinsterpcom 26

Page 19: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

A Perfect Storm brewing

19

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Questions we need to ask related to

Cyber Risk

20

Case study

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Key questions to be addressed

21

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Cyber Risk Maturity Framework

Know where you are

22

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stakePotential impacts and possible implications for the board include

Intellectual property losses including patented information and trademarked

material client lists and commercially sensitive data

Legal expenses including damages for data privacy breachescompensation for

delays regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss which may lead to a decline in market value and loss of

goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach

occurred and what information (if any) was lost keeping shareholders advised

and explaining what occurred to regulatory authorities

Administrative cost to correct the impact such as restoring client confidence

communications to authorities replacing property and restoring the

organisationrsquos business to its previous levels23

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery Taking a

proactive approach to improving cybersecurity governance - connecting the dots

between IT and the business and providing the board with the information

it needs - can help position the company and the board to more selectively address

the evolving threat and implications of a major cybersecurity breach

Since many global organisations have been victims of cyber crime over recent years

board oversight of cybersecurity is no longer just a leading practice - it is a

necessity

Investors governments and global regulators are increasingly challenging

board members to actively demonstrate diligence in this area

Regulators expect personal information to be protected and systems to be resilient to

both accidental data leakage and deliberate attacks

25

SHARING 2017 Predictions

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Q amp As

T +603 ndash 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

wwwinsterpcom 26

Page 20: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Questions we need to ask related to

Cyber Risk

20

Case study

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Key questions to be addressed

21

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Cyber Risk Maturity Framework

Know where you are

22

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stakePotential impacts and possible implications for the board include

Intellectual property losses including patented information and trademarked

material client lists and commercially sensitive data

Legal expenses including damages for data privacy breachescompensation for

delays regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss which may lead to a decline in market value and loss of

goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach

occurred and what information (if any) was lost keeping shareholders advised

and explaining what occurred to regulatory authorities

Administrative cost to correct the impact such as restoring client confidence

communications to authorities replacing property and restoring the

organisationrsquos business to its previous levels23

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery Taking a

proactive approach to improving cybersecurity governance - connecting the dots

between IT and the business and providing the board with the information

it needs - can help position the company and the board to more selectively address

the evolving threat and implications of a major cybersecurity breach

Since many global organisations have been victims of cyber crime over recent years

board oversight of cybersecurity is no longer just a leading practice - it is a

necessity

Investors governments and global regulators are increasingly challenging

board members to actively demonstrate diligence in this area

Regulators expect personal information to be protected and systems to be resilient to

both accidental data leakage and deliberate attacks

25

SHARING 2017 Predictions

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Q amp As

T +603 ndash 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

wwwinsterpcom 26

Page 21: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Key questions to be addressed

21

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Cyber Risk Maturity Framework

Know where you are

22

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stakePotential impacts and possible implications for the board include

Intellectual property losses including patented information and trademarked

material client lists and commercially sensitive data

Legal expenses including damages for data privacy breachescompensation for

delays regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss which may lead to a decline in market value and loss of

goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach

occurred and what information (if any) was lost keeping shareholders advised

and explaining what occurred to regulatory authorities

Administrative cost to correct the impact such as restoring client confidence

communications to authorities replacing property and restoring the

organisationrsquos business to its previous levels23

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery Taking a

proactive approach to improving cybersecurity governance - connecting the dots

between IT and the business and providing the board with the information

it needs - can help position the company and the board to more selectively address

the evolving threat and implications of a major cybersecurity breach

Since many global organisations have been victims of cyber crime over recent years

board oversight of cybersecurity is no longer just a leading practice - it is a

necessity

Investors governments and global regulators are increasingly challenging

board members to actively demonstrate diligence in this area

Regulators expect personal information to be protected and systems to be resilient to

both accidental data leakage and deliberate attacks

25

SHARING 2017 Predictions

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Q amp As

T +603 ndash 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

wwwinsterpcom 26

Page 22: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Cyber Risk Maturity Framework

Know where you are

22

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stakePotential impacts and possible implications for the board include

Intellectual property losses including patented information and trademarked

material client lists and commercially sensitive data

Legal expenses including damages for data privacy breachescompensation for

delays regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss which may lead to a decline in market value and loss of

goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach

occurred and what information (if any) was lost keeping shareholders advised

and explaining what occurred to regulatory authorities

Administrative cost to correct the impact such as restoring client confidence

communications to authorities replacing property and restoring the

organisationrsquos business to its previous levels23

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery Taking a

proactive approach to improving cybersecurity governance - connecting the dots

between IT and the business and providing the board with the information

it needs - can help position the company and the board to more selectively address

the evolving threat and implications of a major cybersecurity breach

Since many global organisations have been victims of cyber crime over recent years

board oversight of cybersecurity is no longer just a leading practice - it is a

necessity

Investors governments and global regulators are increasingly challenging

board members to actively demonstrate diligence in this area

Regulators expect personal information to be protected and systems to be resilient to

both accidental data leakage and deliberate attacks

25

SHARING 2017 Predictions

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Q amp As

T +603 ndash 2381 1900 F +603 - 7611 0707

e-mail rameshfridayconceptscom

wwwinsterpcom 26

Page 23: Institute of Enterprise Risk Practitioners Menara ...marim.org/wp-content/uploads/MARIM-Conference_RameshPillai_Cyber-Risk.pdf · No. 13A, Jalan PJU 5/1, Kota Damansara PJU 5, 47810

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

What is at stakePotential impacts and possible implications for the board include

Intellectual property losses including patented information and trademarked

material client lists and commercially sensitive data

Legal expenses including damages for data privacy breachescompensation for

delays regulatory fines and the cost associated with defense

Property losses of stock or information leading to delays or failure to deliver

Reputational loss which may lead to a decline in market value and loss of

goodwill and confidence by customers and suppliers

Time lost and distraction to the business due to investigating how the breach

occurred and what information (if any) was lost keeping shareholders advised

and explaining what occurred to regulatory authorities

Administrative cost to correct the impact such as restoring client confidence

communications to authorities replacing property and restoring the

organisationrsquos business to its previous levels23

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Continue to connect the dots with

metrics

24

It is important to assess and benchmark the value of the framework by using

Key Performance Indicators (KPIs)

Considerations would include

Which KPIs are on your cyber risk dashboard

Is your organisation achieving the cyber risk targets it has formulated

How do the KPIs for cyber risks relate to those of your peers

This document is confidential and unless otherwise stated all copyright belongs to Friday Concepts International Reproduction in whole or in part

andor distribution in whole or in part without prior written consent from Friday Concepts International is strictly prohibited

Conclusions

We believe the process for closing that gap should not be a mystery. Taking a proactive approach to improving cybersecurity governance - connecting the dots between IT and the business, and providing the board with the information it needs - can help position the company and the board to more selectively address the evolving threat and implications of a major cybersecurity breach.

Since many global organisations have been victims of cyber crime over recent years, board oversight of cybersecurity is no longer just a leading practice - it is a necessity.

Investors, governments and global regulators are increasingly challenging board members to actively demonstrate diligence in this area.

Regulators expect personal information to be protected and systems to be resilient to both accidental data leakage and deliberate attacks.

SHARING 2017 Predictions


Q & As

T: +603 - 2381 1900 F: +603 - 7611 0707

e-mail rameshfridayconceptscom

www.insterp.com
