The Financial Impact of Cyber Risk


This is the first known guidance document to approach the financial impact of cyber risks from the perspective of core business functions. It provides guidance to CFOs and their colleagues responsible for legal issues, business operations and technology, privacy and compliance, risk assessment and insurance, and corporate communications.

Cyber security is vital to America’s economic well-being. Its importance was underscored in 2008 by U.S. Homeland Security Secretary Michael Chertoff, who named it one of the nation’s four priority security issues, alongside border security.

Corporations use cyber systems to accomplish real-time tracking of supply chains, manage inventory, improve employee efficiency, generate on-line commerce, and more. Virtually every corporation has, by now, calculated the positive aspects of digitalization into its immediate and long-term business plans.

Unfortunately, corporations have often failed to properly account for the financial downside resulting from the risks of cyber systems. Corporate America cannot be completely faulted for this deficiency, since to date there has not been any agreed-upon methodology for understanding and mitigating the potential financial losses associated with network security and cyber risk. The classic financial risk management discipline that Chief Financial Officers and Risk Managers use to deal with brick-and-mortar risks has not been systematically applied to digital risks. While there is a substantial body of work dealing with the technical standards of network, internet and computer system security, and plenty of attention has been paid to important issues such as data encryption and best-in-class security technologies, classic financial risk management—as it pertains to cyber security exposures—has been largely overlooked.




The purpose of this work is to correct that deficiency by providing guidance in both the identification and quantification of the financial risk due to issues related to information security.

 

ISAlliance President Larry Clinton

 

Thanks to the joint effort organized by the American National Standards Institute’s (ANSI) Homeland Security Standards Panel and the Internet Security Alliance (ISA), with input provided by the many industry and public sector professionals who contributed their time and energy, the work represents an Action Guide that private sector enterprises can undertake to assess and address the financial exposure of cyber security from all angles. It is a tool the CFO — and often other executives — can use to build a framework for analyzing, managing and transferring the Net Financial Risk of cyber security. As opposed to focusing on technological standards or even best practices, this guide is presented to further advance the understanding of financial management.

 

A free electronic version of The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask is available.


Please contact ISAlliance if you would like to order hard copies of this action guide for a nominal fee.