Share on Facebook Share on Twitter Share on Google+ Share on Linkedin WRIN.tv spoke with Marsh’s Cyber Product Leader, Bob Parisi, during the recent RIMS Conference in New Orleans, about the pervasive nature of cyber threat and what risk managers can do to manage the risk. While it is hard to quantify the cyber threat to American businesses, Mr. Parisi says, “any company that touches and handles confidential information, any company that utilizes technology in day-to-day operations has the risk… Everyone has cyber risk. “ While people can point to the rogue employee or ”state-sponsored actors” as the biggest threats to companies, cyber security is actually the “interconnectivity of companies, and the increasing use… and reliance on technology creates that threat.” The U.S. Government, through the Executive Branch and the White House, issued an Executive Order, which resulted in the NIST (National Institute of Standards and Technology) Framework. The House of Representatives also introduced a bill that would create liability protection for companies that share information, but it won’t protect companies from loss or liability if it causes harm. According to Mr. Parisi, the NIST Framework is a “building code for the technology and the internet.” Mr. Parisi says it creates awareness and sharing of information and will improve the overall situation. “That is where the Government can have some impact.” While there are a number of cyber insurance products being offered, Mr. Parisi says carriers have become more proactive in helping their clients understand, prepare and respond to the threat. It’s important to be able to model the cyber risk so that risk managers can understand what and where the risk is before you purchase insurance. Mr. Parisi suggests risk managers treat cyber risk as operational. It is important that they break down the silos in their organization and communicate with all the risk stakeholders. “The risk manager is the financial risk stakeholder. He handles the balance sheet risk. The CTO and Chief Information Security Officer handle the technology risk.” Cyber risk should be treated the same way any material or operational risk. For more World Risk and Insurance News from the 2015 RIMS Conference in New Orleans, visit the dedicated RIMS 2015 Channel in the WRIN.tv On Demand Library.