ORX, the world’s largest association of operational risk professionals, has launched a new service, ORX Cyber, to help the industry manage and measure the risk of cyber and information security attacks.
ORX said the service is the first of its kind in the sector. ORX Cyber grew out of a pilot program run by the association since 2019. It offers a central hub for cyber risk management professionals to collaborate and exchange ideas. Twenty-two financial services organizations globally have committed to working with ORX to tackle cyber risk, which has been one of the top two operational risks in the association’s emerging risk surveys since 2016.
“Despite the progress the industry has made in this area over the last few years, each institution still manages cyber risk differently,” said Steve Bishop, head of ORX Cyber. “There is no common language or taxonomy to identify, collate, describe and report cyber risk events within the industry. Organizations are often working in isolation, each with its own definitions and styles of practice. This makes it challenging for organizations to understand their risk exposure and to benchmark with industry peers. It is challenging to collaborate to understand the risk and to identify solutions to improve controls and risk the exposure and ultimately cyber incidents.”
ORX said the top challenges in managing cyber risk are:
- Lack of easily available, relevant cyber event data (where an attack has impacted a firm)
- Lack of clarity and consistency in practice
- Difficulty comparing and benchmarking data and practice
- Multiple and conflicting industry frameworks and global regulations
“ORX Cyber is designed to break down barriers which currently impede effective data collection and benchmarking,” Bishop said. “This ultimately helps the second line to support the business in achieving its strategic goals in a safe and sustainable way, and protects customers, shareholders and reputations from the damaging effects of cyberattacks.”
“We see this service as a guiding light for cyber risk management,” said Simon Wills, executive director of ORX. “It is another example of how we are supporting our growing membership in managing operational risk in a digitalized world through shared experience, research, and insight.”