Ajoy Kumar, Head of Cyber/Tech Risk, DTCC
Given the critical nature of cyber security to the overall functioning of an organization, Financial Services Organizations (FSOs) are starting to measure and manage cyber risk as one of the critical risks in their overall risk portfolio. While FSOs are starting to gain an understanding of their cyber risk across the entire business franchise, understanding the cyber risk landscape at an individual Line of Business (LOB) level has remained elusive. The DTCC Enterprise Cyber Risk Assessment (ECRA) enables each LOB to understand the cyber security risk portfolio that pertains to each LOB. The methodology for identifying LOB cyber risks includes analyzing prior cyber risk assessments, incidents, and issues and threats across the enterprise and deriving the LOB specific view based on the business context, threat landscape, and technology footprint. The approach includes a bottoms up analysis of data, and a top down validation of the risks with the LOB. Once cyber risks are included in the business risk portfolio, LOBs are able to extend their existing business and operational risk management practices to cyber risk management, and take a holistic risk management approach across the entire risk portfolio.