The Augusta Group and 327 Solutions announce their education partnership

The Augusta Group
  • Home
  • SEC rule
  • EN NIS 2/ DORA
  • The FDA
  • Strategy
  • Risk management
  • Governance
  • Services
    • Board Governance
    • Cyber and Risk Advisory
    • Non-Executive Director
    • Training and Compliance
    • insights
  • The team
  • Contact Us
  • More
    • Home
    • SEC rule
    • EN NIS 2/ DORA
    • The FDA
    • Strategy
    • Risk management
    • Governance
    • Services
      • Board Governance
      • Cyber and Risk Advisory
      • Non-Executive Director
      • Training and Compliance
      • insights
    • The team
    • Contact Us
The Augusta Group
  • Home
  • SEC rule
  • EN NIS 2/ DORA
  • The FDA
  • Strategy
  • Risk management
  • Governance
  • Services
    • Board Governance
    • Cyber and Risk Advisory
    • Non-Executive Director
    • Training and Compliance
    • insights
  • The team
  • Contact Us

Cybersecurity is facing regulation - 'Left of Bang - V2.0'

The traditional approach for many organizations to manage cybersecurity risks has been to rely on cyber insurance as the main form of risk transfer. This worked when cyber was a low probability, low impact event. But cyber is no longer a low probability low impact event, it is a risk whose impact is considered by U.S Federal Government and the EU commission to be high enough, with such an impact, that they have seen fit to regulate cybersecurity risk management.


The historic ‘It won’t happen to me, right of bang approach’ to managing cyber will no longer work. Cyber regulation forces boards to accept that they have to manage cyber risk (if they wish to stay in a given market), accept the capital allocation for cybersecurity onto the balance sheet, that is to the detriment to the organizations capital allocation.

 

Regulation removes the ability of the board to make decisions based upon the cost of implementation alone.  It requires boards to demonstrate a reasonable level of cyber compliance, that while economic in nature has to be justified in line with the boards responsibility to demonstrate appropriate capital allocation, due diligence and care to shareholders.  While cyber insurance plays an important role in risk management.  If board decide to stay in covered markets them cyber regulation transfers cyber risk management to corporate financial statements.  Requiring boards to implement cybersecurity risk management, governance, program oversight, assurance and absorb personal and corporate liability for cybersecurity risk management compliance.


In this paper we discuss cybersecurity risk management regulation and the transfer of risk from cyber insurance to corporate financial statements. The steps organisations should now be considering to take to manage cybersecurity risk. As required under regulations such as EU NIS2, DORA, the CRA, the SEC proposal, and the potential exposure that the White House ONCD strategy and proposed Australian cybersecurity regulations impose on corporate boards.

Cybersecurity risk regulation drives cyber compliance

Boards will be accountable for cyber compliance

Download PDF

Copyright © 2021 Augusta GRC, LLC - All Rights Reserved.

The Augusta Group

  • Home
  • SEC rule
  • EN NIS 2/ DORA
  • The FDA
  • Strategy
  • Risk management
  • Governance
  • Cyber Harmonisation
  • Board Governance
  • Cyber and Risk Advisory
  • Non-Executive Director

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept