Summit No. 35: Cybersecurity risk management - a new area of Cyber Transparency? (co-hosted with Swiss Cyberstorm)

Cyber Risk Management is the continuous process of identifying, evaluating, and mitigating threats to an
organization’s digital assets, data, and systems to protect against cyberattacks and ensure business continuity. It
involves assessing potential risks, implementing appropriate security measures, and continuously monitoring for
new threats to minimize negative impacts like financial loss, data breaches, and reputational damage. A strong Cyber
Risk Management program is crucial for modern businesses due to the increasing reliance on technology and the
evolving landscape of cyber threats.

Key Steps in the Cyber Risk Management Process are the same as in conventional risk management: risk identification,
assessment, treatment (mitigation), monitoring, and communication.

Why do we address this topic with high priority? Digitization is the most prominent key issue for achieving more
efficiency, outperforming the competition, and saving money. However, potential risk increases when raising the
digitization level. Therefore, we must protect digital assets with safeguards, ensure business continuity, preserve
companies’ reputation, and monitor compliance, with corrective measures when deviations are detected.

In the last period, new regulations and laws have emerged, accelerating the digital transformation with new
technologies, including cloud computing and remote work. These changes are very difficult to follow in-depth. In
addition, we need to prepare for post-incident procedures, ensuring that in the event of successful incidents, the
company can return to normal operation as quickly and effectively as possible. Another new fact is that the enterprise
approach is broader and more holistic: stakeholders from IT, security, business functions, partners, and clients may
be integrated.