RIMS EXECUTIVE REPORT - “ERM Best Practices in the Cyber World”

February 06, 2012



Study Highlights the Benefits of Implementing ERM Practices to Manage Cyber Risks

NEW YORK (February 6, 2012) — There has never been a more important time to assess and update your data risk management practices, according to a new executive report jointly released by RIMS (the Risk and Insurance Management Society, Inc.), Identity Theft 911 (IDT911) and USLAW NETWORK.

“ERM Best Practices in the Cyber World” is a 29-page “how-to” guide designed to help organizations successfully manage data risk through an enterprise risk management (ERM) approach. The report explores the best data risk management practices, concepts and challenges; the advantages and potential pitfalls of data risk assessments; steps to undertake an attorney-directed assessment project; practical solutions for weathering the cyber storm; as well as possible coverage opportunities under existing or newly available insurance policies.

“Data risks may hold unrecognized implications for an organization’s strategy, particularly if delegated to a technology function to manage alone,” said Carol Fox, Director of the Strategic and Enterprise Risk Practice at RIMS. “This report will help executives tap ERM best practices for unifying legal, security, data management and protection, information security, privacy, compliance and audit functions that are needed for a comprehensive data risk approach, while protecting risk assessment report findings.”

“The volume and value of sensitive data has never been higher and the sophistication of those who want to steal it continues to increase in lockstep with the newest technological innovations,” said David A. Speciale, J.D., CITRMS, Director of Business Acquisition at IDT911. “All the while, the potential cost of a data breach grows ever more catastrophic in terms of financial, legal, and reputational damage. Failure to act is not an option.”

Richard Magrath, Global Director, USLAW NETWORK, said, “While a focused data risk assessment helps an organization’s management fulfill its fiduciary duty of care, the assessment itself can involve risk. The written reports generated at the culmination of such a risk assessment, whether conducted internally or by an external party, may provide a roadmap for an adversary, an advantage for a competitor or be produced as evidence of negligence or willful disregard in a tort action. It is important for organizations to protect such reports from unwanted discovery, so they can be used constructively within the organization with fewer misgivings about potential misuse.”

The full report can be purchased at www.RIMS.org/RIMStore. The report is free for RIMS members and $29 for non-members. The report will also be made available for free to those belonging to the USLAW NETWORK and IDT911 clients.

In conjunction with the release of this white paper, RIMS and Identity Theft 911 will host the “Cyber Risk: Privacy and Data Security Risk Management” workshop four times throughout the year. Dates and locations are as follows:

  • March 5-6 in New York;
  • June 20-21 in San Francisco;
  • August 13-14 in Winnipeg; and
  • September 20-21 in Washington, DC.

To register for the workshop and to receive a free copy of the “ERM Best Practices in the Cyber World” report, visit www.RIMS.org/CyberWorkshop12.

Also, the RIMS 2012 Annual Conference & Exhibition, scheduled for April 15 – 18 in Philadelphia, will feature several ERM and Cyber Risk Management sessions, including:

  • Enterprise Best Practices in the Cyber World
  • ERM and Business Continuity Management
  • Cyber Attack and Privacy Claims: Litigation, Insurance and Crisis Management
  • Practical ERM Tools to Support Your Growing Program
  • Hey Hacker, Get Off My Cloud!

For more information about these sessions or to register for the Annual Conference & Exhibition, visit www.RIMS.org/RIMS12

About Identity Theft 911 - Founded in 2003, Identity Theft 911 is the nation’s premier consultative provider of identity and data risk management, resolution and education services. The company serves 13 million households across the country and provides fraud solutions for a range of organizations, including Fortune 500 companies, the country’s largest insurance companies, corporate benefit providers, banks and credit unions and membership organizations. Since 2005, the company has helped more than 150,000 businesses manage data breaches. For more information, please visit www.idt911.com, www.facebook.com/idt911 and www.twitter.com/idt911.

About USLAW NETWORK - USLAW NETWORK is a global organization composed of 66 independent law firms with over 5,000 attorneys covering the United States, Canada and Latin America. Among the firms, there are over 150 offices in 47 U.S. states. An alliance with the Trans-European Law Firm Alliance (TELFA) gives USLAW access to 25 European law firms each representing its own jurisdiction and a similar relationship with ALN Limited enables the organization to partner with 10 firms in East and Central Africa. www.uslaw.org  

For more information, contact:

Josh Salter, Director of Communications, (212) 655-6059 or JSalter@rims.org

About RIMS

As the preeminent organization dedicated to promoting the profession of risk management, RIMS, the risk management society®, is a global not-for-profit organization representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS is committed to advancing risk management capabilities for organizational success, bringing networking, professional development and education opportunities to its membership of more than 10,000 risk management professionals who are located in more than 60 countries. For more information on RIMS, visit www.RIMS.org
