Elevate Xchange DFW Jan 12 Roundtable Forum WRAPUP
Title: Data Protection/Cyber Insurance, Talent for Performance and Designing an Organizational Risk Play Book
Participants: Miranda Rodriguez, Shawn Tuma, Juhi Chawla, Aravind Kashyapp, Michael Anderson, Scott Howitt, Jeanette M. Wayne
Keeping Data Protection and Cybersecurity Insurance Real
Data has become the new lifeblood of the Enterprise. To protect an Enterprise’s data and assets, a thorough, multi-layered data and security strategic plan is needed, including Cyber Insurance.
First, design a robust Incident Response Plan (IRP).
An effective incident response plan takes a team, and the team needs to be prepared in advance of any possible breach. Service providers frequently used in incident response include cyber forensics, cybersecurity, incident response, public relations, breach logistics, forensic accounting, and legal.
a. Many cyber insurance policies strictly limit which service providers can be used for incident response services.
b. How will your cyber insurance then impact your incident response planning and how should the two work together?
c. How and when must notices be given to the insurance carriers and when must approvals be obtained?
d. What is the most important information a company can have to make sure this all works together in the smoothest manner possible under the most stressful of times?
Second, make sure you purchase your Cyber Insurance Policy from a company that specializes in cyber insurance.
They should have a robust internal cybersecurity staff able to work with an incident response team. Know what your Cyber Insurance covers “specifically”. So, engage a real expert to “read between the lines”. For example, Exclusions – what is an exclusion and what is all of this “Act of War” stuff we are hearing about?
Third, How Does Cyber Insurance Impact Your Incident Response Preparation?
More particularly, what are the security controls “must-haves” now for getting cyber insurance? Is MFA a must-have? What controls are required for underwriting? Can companies fall out of compliance with these controls during the coverage period and lose coverage as a result? What happens if you say you have controls that you really don’t have? What are the types of coverages, what are the limits, and what are the retentions (and what are these things)?
Fourth: Who is your key stakeholder who is ultimately responsible?
Who in the organization should have input into the coverage and purchase of Cyber Insurance? Who is the ultimate key stakeholder responsible for procurement and completion of all this information for obtaining this coverage? Are all cyber insurance companies alike? What is different? Are cyber costs and coverage regulated?
Attracting and Keeping Skilled Talent Impacts Performance
A company’s capital, whether financial or human, has been a critical driver impacting growth and performance. Although financial capital has long been a market measurement of a company’s relevance, we are seeing that companies with effective Talent Management Systems, i.e., diverse, equal and inclusive processes and procedures, have been outperforming their competitors year over year in increased revenue, talent longevity and departmental and cross-departmental cohesion.
Although many companies have focused on improving their customer experience to increase performance, improving HR’s strategic alignment, i.e., creating positive employee engagement interactions, also has a positive impact on performance. A positive employee experience along with overall HR effectiveness can have just as much effect on performance as providing an overall positive customer experience. Companies with a robust talent management system are 6 times more likely to report higher Total Returns to Shareholders (TRS).
What is your strategy for keeping skilled talent when competition is so steep? Are you applying innovation to your HR department? If so, in what way? How effective are your current job descriptions? What steps are you taking to create a more inclusive culture? Are there ample career opportunities and how are you communicating them? How has Digital Transformation affected your training programs and the people you hire? How has the competition for talent affected your pay scale? Have you implemented a robust Talent Management System and how effective has it been?
Join this lively and frank discussion with your peers, colleagues, and teams.
Designing and Developing an Organizational Risk Play Book
Organizational decisions can have uncertain outcomes, and anything that produces Enterprise uncertainty has a direct impact on the Enterprise’s continued relevance and viability. An Organizational Risk Playbook is needed for every Enterprise with some of the following few:
Cybersecurity Risk: Connection to the internet.
Third-Party Operational Risk: Trusting others outside the company for operational excellence and more.
Regulation and Compliance Risk: Meeting all the governmental requirements with higher standards than asked.
Reputational Risk: Keeping high metric measurements on customer interaction and engagements.
Supply Chain Risk: Meeting both customer delivery demands and an efficient inventory flow.
Product Launch Risk: Success is measured through each phase with detailed processes.
Disaster Recovery Risk: Multiple suppliers along with possible relocation facilities.
What is your Organizational Risk Playbook? Did you have an Organizational Risk Playbook prior to the Pandemic? How has it changed? How often do you review it? Who are the key Stakeholders assigned responsibility for the decisions? How confident are you in your Organizational Risk Playbook now that it has been dramatically tested?
Come join this vibrant and interactive discussion with top industry leaders.