Video transcript: Board ready cyber reporting
Board ready cyber reporting
Transcript
Have you heard of all these latest ransomware attacks?
It's really concerning.
The cyber threats just keep changing.
Really worried about some of the stuff we're reading in the newspaper.
There were another two companies that were compromised last.
I'm really keen to hear how our controls are holding up under pressure.
Here it comes.
I hope I can follow the metrics this time.
Good morning and thank you for making time today.
My focus continues to be on balancing robust cyber security practises with our global business priorities.
So for this update, I'd like to start with the big picture, regulatory standards, resilience and public trust.
We're continually maturing.
We can't afford to hit the headlines for the wrong reasons.
Resilience in our supply chain remains.
We go down even for a day.
We could lose millions and our reputation on operations.
I'm going to take you through our cyber risk exposure and how our investment programme is reducing those risks.
This year we assessed our cyber security maturity across key areas of the business.
So can you tell us whether you think our cyber risk is at an acceptable level?
Of course, our BAU security activity includes A patching prevent against known threats and endpoint protection.
Our vulnerabilities have an average CVSS score of eight with over 2000 unpatched systems, 35% of these, our BIT site score is 450 / 900.
But what does this actually mean for us?
Well, it means without an immediate £10 million investment, we'll remain susceptible to potential.
And where are we with our cyber investment strategy?
Well, regulatory compliance is critical of course.
This past quarter we've remediated 10,000 vulnerabilities across included in critical CVSS rated.
We still have 20,000 outstanding fund.
We need a £5,000,000 investment to increase our remediation rate by improving meantime detection metrics by 15% or to make patching for 40% of our sorry, I just don't understand the metrics.
What is the implication for these slides really aren't helping.
They're just not getting it.
The more data I give them, the less they see the value of investment.
There has to be a better way to help them understand.
This year we assessed our cybersecurity maturity across key areas of the business.
So can you tell us whether our cybersecurity risk is at an acceptable level?
Absolutely.
Using the managed cyber risk platform, we can easily visualise our enterprise wide view of risk.
It's a model driven approach that factors in business impacts, the cyber threat landscape and how our controls are performing.
And we can see here that we're outside an acceptable level of risk.
Cyber threats are aimed at exploiting identity weaknesses in our supply chain.
So we need investment to improve incident response and identity and access management.
Got it.
Thank you.
Can you explain how exactly the more investment will help reduce our risk exposure?
Attackers are trying to use credentials to access our systems in the cloud.
A £5,000,000 investment in projects to improve our identity and access management would reduce our risk to an acceptable level by year end.
5 million still significant.
Can you give me some more details on how the projects are going to reduce risk and how are we going to track that these specific projects will improve the maturity of our identity and access management control?
And how do we measure the effectiveness of those controls?
We track real time telemetry that evidences how well they're performing and converts them into performance metrics.
Our investment should mean that we can see these metrics trend in the right direction.
So any questions?
Nope, that's perfect.
Thank you.
Today's board members want to understand risk in terms of business outcomes, not just technical jargon.
They need concise, actionable insights.
PW CS Managed Cyber Risk Platform helps us to bridge the gap between technical risk assessment and strategic business decision making.
Let MCR transform your cyber risk conversations.
Contact us
