Machiavelli’s Guide to managing Cyber Risk

Date:
Tuesday 9 February 2016

Time:
6.00pm - 9.30pm

Venue:
BCS, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA

Cost:
BCS Members: £15 +VAT
Non-Members: £25 +VAT
Cost covers buffet & wine

Speaker:
Philip Virgo, Advisory Panel, Digital Policy Alliance

Details:

Members are encouraged to invite their organisation's board member most responsible for cyber risk to accompany them. The talk will explicitly address the board's responsibility to lead the management of cyber risk and the response to incidents.

'Machiavelli's Guide to managing Cyber Risk', or 'reduce the target and get them to attack your competitors instead'

The cost of recent data breaches (from Target, Ashley Madison and TalkTalk) means that cyber risk is now routinely excluded from mainstream business insurance policies, whether for directors' liability, business continuity or theft. The new cyber-risk policies commonly cover only the cost of 'incident management' in line with processes and plans agreed alongside the policy and reviewed annually. Third party liabilities (estimated at $250 per record compromised for US retailers wishing to keep their PCI-DSS accreditation, before allowing for known fraud) and fines under the new EU General Data Protection Directive (up to 4% of turnover) are unlikely to be covered. The lack of insurance cover is doing more to change the attitude of directors towards the cyber risks for which they and their companies may be held responsible than awareness campaigns or regulatory warnings.

  • So what are the 'real' risks and how can they be reduced or, better still, used for strategic benefit?
  • How can the effective management of risk be used to enhance customer confidence and do more business at lower cost?
  • What are the objectives for a security policy and the measures of success?
  • How do you ensure that you are not the first to be sacrificed when the organisation is hit with a very public security breach but are part of the response team that turns adversity into advantage?

Agenda

18:00 - 18:30 Registration
18:30 - 18:35 Introduction
18:35 - 20:00 Event: Machiavelli’s Guide to managing Cyber Risk - Philip Virgo
20:00 - 21:30 Buffet and networking

About the speaker

Philip, who declined an invitation to join the Information Security Hall of Fame because it would only draw attention to him as a target, will use incidents from past and present to illustrate some key strategies for turning individual risk into collective competitive advantage.

He has been an advisor to various select committees and enquiries over the past twenty years and his blog 'When IT meets Politics' (2008 onwards) is regularly used to whitewash material that whistle-blowers and others wish to see in the public domain as well as to analyse developments. It is widely read by journalists, politicians and officials who, in return, help with material they cannot be seen to have contributed.

In the past he has been a Systems Engineer & Programme Manager, Principal Consultant at the NCC, co-founder of PITCOM, Secretary-General of EURIM, Chair of the Conservative Technology Forum and Chair of the WCIT Security Panel.