Clarity on cyber risks

A new Belgian guide to cyber risks designed for entrepreneurs will help risk managers communicate the enterprise wide issues involved to senior managers. The guide is the work of a small team of experts with guidance from the Secretary General of the International Chamber of Commerce, Rudi Thomaes.

BELRIM board member Sabine Desantoine comments, “BELRIM knows that cyber risks are high on the list of top risks for Belgian risk managers (and in any country actually), as data is key to any organisation and business, and we have been active in alerting members on the subject. The guide is indeed interesting and has been prepared by some important experts in the cyber risks domain.”

One of the authors of the guide is Marc Vael, chief auditor at the non-profit IT company SMALS and a member of the Belgian IT security professionals industry body ISACA. He describes it as “a guide written by experts but challenged by entrepreneurs.”

During the course of creating the guide over several months in 2013, Rudi Thomaes acted as a sounding board for the technical experts who came from leading companies and organisations in the sector. Says Marc, “Sometimes we are a bit biased toward technology. He wanted something that an entrepreneur could understand and we wanted them to read beyond page one.”

The absence of technical jargon is evidence of the approach the team took. “I think Mr Thomaes finally allowed us to keep the word ‘malware’. We persuaded him that business people would know what it means.”

The report contains top 10 security principles, top 10 must do security actions, a self-assessment questionnaire and security case studies. It is available free to download from http://www.iccbelgium.be/index.php/activities/becybersecure

FERMA President Julia Graham, who is FERMA’s spokesman on cyber risks, said: “We are drawing members’ attention to The Belgian Cyber Security Guide because it addresses cyber risks as an enterprise issue and is written in clear language. It does not set out to make us all experts but provides the risk manager with some comfort about the subject.

“The pace of change in cyber security risk is exceeding the ability of most organisations to keep up with managing it and so the risk gap is widening. There is a general lack of confidence in the subject at the boardroom table and with some risk managers. Guides like this help us start to move the subject out of the IT department and into the enterprise level where it belongs.”