Ahead of today’s session on cyber risk, StrategicRISK spoke to Nadine Delouche, risk manager at GIRC AGIRC-ARRCO about the ever-changing cyber landscape


Cyber security is a key concern for companies and it is more important than ever for businesses to keep track of this fast-evolving risk, says Nadine Delouche, risk manager at France-based IT provider, GIRC AGIRC-ARRCO.

Businesses need to constantly adapt their cyber security measures, as today’s state-of-the-art security systems could be tomorrow’s outdated legacy systems. For instance, passwords should be reviewed. Delouche said: “Passwords that were considered very strong two years ago are today hacked in less than an hour. Replacing ‘i’ with ‘1’, ‘o’ with ‘0’, ‘a’ with ‘@’ and ‘two’ with ‘2’, are no longer sufficient protections.

“The same goes for cracking algorithms – numbers and special characters at the beginning and end of words are marked and cracked when they are separated only by a single word.”

To mitigate cyber risks, companies need to implement a cyber security monitoring system and conduct regular audits, she said. Close co-operation is also required between different departments from risk management and IT, to legal and the entire executive committee.

What to do if you’re hacked

In case of a breach, freezing the crime scene and preserving evidence is a step in the right direction. “Businesses need to insulate all that can be insulated, cut the networks and communications, and save the traces, logs and systems diaries,” she said.

In the early stages of discovering an attack, the risk manager should also check the insurance arrangements. “It may be necessary to open a claims file for computer damage, fraud and malice, or civil liability, which may be covered by one or more insurance contracts,” Delouche explained.