Persistent cyber risks are having a profound impact on the ability of businesses to safeguard their most valuable assets. Keeping pace with these more sophisticated and highly motivated attacks demands that organizations adopt a dynamic, nimble security strategy that builds resilience from the inside out with an industry-specific approach that protects the entire value chain, end to end.
NACD members discussed the role a board director can play in strengthening an organization’s ability to manage cyber risk by:
Building a strong foundation – identifying high value assets and ensuring they are deployed across the organizational value chain, not just the corporate function.
Pressure testing resilience – understanding the data and analyzing where improvements need to be made.
Employing breakthrough technologies - freeing up investment capacity to invest in technologies that can automate your defenses.
Learning to hunt threats – developing strategic and tactical threat intelligence tailored to your industry.
Board directors and community leaders discussed evaluating and managing risk with your board.
DISCUSSION SUMMARY AND KEY TAKEAWAYS
HERE'S WHAT YOU MAY HAVE MISSED
Cyber Experts on How Boards Can and Must Help Their Companies Protect Critical Assets
Panelists provided essential information and covered practical and specific advice on how Cyber risks have and will continue to have profound impacts on businesses and the mandate to protect valuable, mission critical assets.
Chris Hetner, Managing Director, Marsh Risk; Bob Kress, co-Chief Operating Officer and global Quality & Risk Officer, Accenture Security; Amjed Saffarini, Founder and President, Wander Group; Moderated by Lynn McMahon, Office Managing Director, Accenture New York Metro.
Engaging eagerly with the audience made for real-time exchange of information, experiences, and ideas. Focus centered on roles and actions directors can and should take to defend against cyberattacks. Practical and specific advice was covered in meaningful detail.
Key Takeaways No “silver bullet” Boards must know where they are on their journeys to accept and manage risk. Solutions to risk defense are, by nature, transformational
Most boards lack depth in cyber understanding Bringing technology backgrounds on boards is a necessity. Specific cyber knowledge can be met periodically by external experts
Know critical assets and processes Crown jewelsareRevenue, Reputation, and Data
Accenture study of 5,000 companies 38% saw a cyber breach averaging .5m records
Board Governance is crucial. How many directors are qualified to respond to a cyber threat or attack? Know your board capabilities.
Cyber protection can be a competitive differentiator
“Stay plugged in”
Quantify risks, especially technology disruption.
Consider Cyber Protection as analogous to brakes – they help operate vehicles faster; not slower.
100% protection is not feasible. Risk protection must be prioritized, balanced by the tolerance for risk unique to each organization.
Cyber protection can be a competitive differentiator.
Investing in critical resources to protect assets and response capabilities requires balance.
Boards must understand the technology underpinning their critical assets.
Essential Crisis Management tools:
Conduct Target Drills: Battle test the total organization - targeted on specific functions and departments
Engage the board in exercises
Update the Board: Conduct frequent board meeting updates on exercises
Understand the board role: Outline the Board’s role in cyber events
Create a methodology for responses
Supply Chain Security: Address all levels and dependencies of the supply chain
Know supplier impact on critical functions
Cyber Security Investment: Calculate required cyber security vs tolerance for risk.
Benchmark: Know how peers and competitors are investing and managing
Marsh Risk Consulting, Managing Director | Cyber Risk Consulting
Chris Hetner is a Managing Director for Marsh Risk Consulting’s (MRC) Cyber Risk Consulting business based out of New York. Working closely with Marsh’s cyber insurance and advisory teams, MRC’s Cyber Risk Consulting team delivers a wide range of expertise and capabilities – from cyber risk impact modeling to cyber breach and business interruption readiness – tailored to each client’s specific risk management needs and objectives.
Chris has over 25 years of experience in cybersecurity, risk management and regulatory compliance. Chris currently serves as Special Advisor of Cyber Risk for the National Association of Corporate Directors (NACD) and National Board Member of the Society of Hispanic Professional Engineers (SHPE). Prior to joining Marsh, Chris served as the Senior Advisor to the United States Securities and Exchange Commission (SEC) Chairman on Cybersecurity. Chris was also a leading member of the US Treasury Financial Banking Information Infrastructure Committee where he provided leadership across a range of cybersecurity programs impacting the financial services sector. Prior to joining the SEC, Chris held several leadership roles including EY’s Wealth and Asset Management Cybersecurity practice leader, Global Chief Information Security Officer (CISO) at GE Capital and Senior Vice President of Information Security at Citigroup.
• M.S. in Information Assurance (Cum Laude) from Norwich University
• B.S in Security Management from John Jay College of Criminal Justice The
City University of New York
• United States Department of Homeland Security (DHS) Top Secret Clearance
• National Associate of Corporate Directors (NACD)
• (ISACA) Certified Information Security Manager
• (ISC)2 Certified Information Systems Security Professional
• Society of Hispanic Professional Engineers (SHPE)
Amjed Saffarini is Founder and President of the Wander Group, a cybersecurity investment and consulting firm. Prior to founding Wander, Saffarini was founder and CEO of CyberVista, a Graham Holdings company (formerly known as The Washington Post Co - NYSE: GHC). CyberVista is a cybersecurity company founded in 2015 to help large company boards and executives govern and manage cybersecurity risk in their organizations. In addition to these executive solutions, CyberVista’s training division provides cyber workforce training solutions to large companies in most industries.
Prior to founding CyberVista, Amjed spent 15 years at Graham Holdings’ education subsidiary Kaplan where he was most recently President of the University Solutions Group and Chief Delivery and Transformation Officer.
In addition to officer duties, Amjed has served on the boards of private companies and serves on the board of the non-profit FAIR Institute. He is a Board Leadership Fellow of the National Association of Corporate Directors (NACD).
Amjed’s professional focus areas include learning interventions systems and Human Computer Interfaces in cybersecurity. He has a BS in Cell Biology and Neuroscience from Rutgers University, and lives in the New York City metro area with his wife and three children.
Bob Kress is a Managing Director and the co-Chief Operating Officer and the global Quality & Risk officer for Accenture Security, responsible for identifying, assessing and managing risk in Accenture's Security business, and managing the quality of Security services delivered to clients. Mr. Kress is also responsible for Accenture Security offerings to Boards of Directors, and is the Midwest Region Security lead. Bob is a trusted C-level advisor for Accenture’s clients.
Prior to this Bob was:
• the Managing Director of Global IT Audit in Accenture’s Internal Audit organization and led the Internal Audit transformation and digitization.
• the COO of Accenture’s Internal IT organization responsible for transforming internal IT and running IT like a business, including IT Strategy, IT Planning, IT Risk, and all IT operations.
Previously Bob worked in Accenture’s Management Consulting and Software Products organizations.
Bob has published two books, Running IT like a Business, and IT Governance to Drive High Performance, and holds patents in the U.S. and Australia for artificial intelligence technology for Identifying Risk Trends Associated With Topics From Natural Language Text. Bob’s most recent publications include:
Bob chairs the Board of i.c.stars, a non-profit focused on technology and leadership training for low-income young adults. Additionally, he is the Chairman of the Advisory Board for the College of Engineering at The University of Iowa.
Bob is a member of the National Association of Corporate Directors (NACD) and was named a NACD Board Leadership Fellow recognizing commitment to exemplary board leadership. Bob was also named to the 2019 and 2018 NACD Directorship 100, the annual list of the most influential people in the boardroom and on corporate governance. Bob is a member of The Economic Club of Chicago, and The Executives Club of Chicago and is co-chair of the Business Technology Committee.
Bob holds a Bachelor’s degree in physics from Loras College in Dubuque, Iowa, and a Master of Business Administration degree from the University of Iowa. His hobbies include sports, gardening and spending time with his family. He lives by the mantra: rigor and discipline are critical ingredients for sustained success.
Lynn McMahon is the office managing director for Accenture in New York Metro. In this role, Lynn is responsible for driving the local business strategy and engaging a staff of more than 4,700 New York and New Jersey based resources. In addition to her New York Metro responsibilities, Lynn leads the Media and Entertainment industry group for Accenture in North America, a practice which serves clients in the broadcasting, entertainment, internet, social and publishing industries. And finally, Lynn serves as the executive sponsor of one of Accenture’s largest telecommunications industry accounts, which is based in New York City.
Throughout her 30-year career with Accenture, Lynn has held a number of leadership positions within the Accenture Communications, Media and Technology operating group. Most recently, Lynn served as the chief operating officer for the group in North America, as well as the group’s sales director. She has also led a number of high-profile technology and digital transformation engagements with large Accenture clients.
In 2000, Lynn founded the Accenture Innovation Center in New York Metro, and subsequently served as the center’s director for six years. This center, the first of its kind when founded, provides leading edge technology capabilities and solutions, demonstration and development facilities, skilled professionals, and cross-industry expertise to help companies bring their ideas to life quickly.
Lynn is the founder and executive sponsor of the Accenture Women’s Leadership Forum, a premier client event for senior, female business executives in the communications, media and high tech industries. Through the years, the Forum has become a vehicle for those women driving change within the technology ecosystem to build leadership skills, learn from each other, collaborate and drive business together. As part of the 2014 program, Lynn interviewed former President Jimmy Carter in front of a live audience at the Carter Center in Atlanta; the interview was streamed live to Accenture clients and employees around the United States.
Lynn is a recipient of Accenture’s prestigious “Great Place to Work for Women” award, which is given annually to a senior Accenture executive who has fostered and modeled an environment where women can succeed. She has represented Accenture as a speaker and participant at conferences and events such as the Catalyst Awards Conference and the International Women’s Forum.
Originally from central Florida, Lynn holds a bachelor’s degree in finance and a master’s in business administration – both from Florida State University. She serves as a vice president on the board of directors of the New Jersey Ballet Company and on the board of the World War II Memorial in Washington D.C.
Lynn is based in the New York Metro region.