Report: Private sector can better prepare for cyber attack risks

A panel of business executives and policy experts laid out a road map for companies to mitigate the economic impact of cyber attacks. The report, titled “The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask,” was released by the American National Standards Institute and the Internet Security Alliance, and it builds on recommendations included in legislation that passed Congress after the 9/11 terrorist attacks that called for increased industry coordination to secure the nation’s computer-based networks.

ISA President Larry Clinton said that as was the case with the economic turmoil, which stemmed from “a fundamental misunderstanding and mismanagement of modern financial systems,” the country’s critical infrastructures rely on cyber systems “that are also misunderstood and mismanaged.” Two thousand copies of the report, which suggests shifting control of corporate cyber infrastructures from IT departments to chief financial officers, are being shipped to executives at major companies, Clinton said. In addition to offering fifty questions every CFO should ask, the guide offers charts to help calculate the probability and severity of financial loss from both risk events and the actions taken to mitigate them.