New Guide Helps CFOs Prepare for Cyber Attacks
The American National Standards Institute and the Internet Security Alliance released a new action guide on Monday to help business executives analyze, manage, and transfer financial risks related to a cyber attack. Critical vulnerabilities in the world's financial systems place the world's security at risk, leaders of the organizations said.
"The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask" is "revolutionary in its approach and extremely practical in its application. It will assist organizations in taking the necessary multi-dimensional approach to managing their cyber infrastructure by shifting the locus of control to the Chief Financial Officer," said Larry Clinton, ISA's president.
ANSI and ISA noted that the Congressional Research Service in 2004 estimated the annual economic impact of cyber attacks on businesses at more than $226 billion, and that in 2008, Homeland Security Secretary Michael Chertoff named cyber risks one of the nation's top four priority security issues. "We are experiencing a financial meltdown due to a fundamental misunderstanding and mismanagement of modern financial systems, which is generating a crisis of confidence in our core institutions. Today, all our critical infrastructures are reliant on cyber systems that are also misunderstood and mismanaged. These vulnerabilities place both our financial and physical security in jeopardy unless we update the method we use to control our cyber systems," Clinton said.
The guide was developed by a task force representing more than 30 private and public organizations. Two thousand copies of it are being sent to executives at leading U.S. companies. Electronic copies are available for free download. "By bringing together a diverse group of cyber security experts, ANSI and the ISA have identified the potential gaps in the process of analyzing cyber risk," said Fran Schrotter, senior vice president and chief operating officer at ANSI. "We have given C-Suite executives a tool that will assist them in developing and implementing a cyber risk management plan for their organization."