Cyber criminals have the advantage because firms lack cohesion in the reporting, assessment and communication of digital risk

Gerome Billois

Corporates are losing the battle with cyber criminals because their approach to cyber risk is disjointed and lacks cohesion, says Soulcom senior manager and practice board member, Gérôme Billois (pictured).

The broad nature of cyber risk means many different parts of an organisation are concerned with elements of the risk, according to Billois, but a lack of cohesion in the reporting, assessment and communication of digital risk means cyber criminals have the advantage.

Speaking before the Identification and treatment of digital risks session at this year’s AMRAE conference, Billois said: “Cyber criminals or hackers do not wait for a firm be organised to attack the enterprise.

“The threat is moving faster than businesses and we need to address this digital risk issue together in a timely manner, and this requires coordination between concerned departments in three ways.”

Billois outlined three phases that companies should follow to improve their cyber defence, being; anticipation of the risk, protection and thirdly, detection and response.

Building on this, individuals responsible for areas concerned with cyber risk, such as the business continuity manager, chief information security manager and risk manager, should be in close communication.

He added: “These people must speak the same language and share the same risk analysis methodology and measurements, particularly regarding impact and probability levels.

“When these actors report to the chief executive, they each report on cyber risk but nobody is using the same language or using the same risk level.”