How ESRM is Making a Difference Tom Berkery, Dan Funk, Jeff Sieben Session # 5311


Post on 11-Apr-2022


Page 1: How ESRM is Making a Difference - Map Your Show



Panelists

Daniel Funk, CPCI, ARM
Manager
Discover Financial Services

Thomas Berkery, CSPO
Lead Security Investigations and Reporting
Discover Financial Services

Jeff Sieben, CPP, CISSP, PMP
IT Security Council Chair
Product Manager
Resolver Inc.


What is ESRM?

• Guideline (draft)

• Aligns Security to strategy

• All Security Disciplines included

• Context of ESRM – Mission/Vision, Values, Stakeholder, Environment

• Link to ESRM Guideline: https://www.asisonline.org/publications--resources/standards--guidelines/esrm-guideline/executive-summary/

• Initiation to Organizational ESRM


Stakeholders

• Understanding key players

• Wolf pack vs lone wolf (silos)

• Asset owners/decision makers (Extreme Ownership)

• Others


Techniques Available for Managing Risks


How ESRM is Making a Difference

• Sell your program with data

• Everyone is trying to purchase insurance

• Try and differentiate yourself from your competitors for a better rate and premium

• Try to make the underwriter comfortable with underwriting the risk

• Keep trust high


Incident Response Procedure

• Procedures/process of thorough and accurate reporting

• Incident reports are being reviewed for accuracy and thoroughness

• Urgency in escalation and notification to senior management and teams responsible for action


Increased Cost of Untimely (Lag) Reporting

• 0-3 day reporting by employer to carrier is the industry standard

• Employers report approximately 70% of their claims within 0-3 days

• Best practice is that 80% of all claims should be reported in 0-3 days

• Example - A loss that should have cost $100K but is reported in week 2 (7-14 days) after the incident will likely cost an additional 20%, or $20K


Risk Management Culture

• All employees (the business)

• Training, education, loss prevention

• How to plan, drill

• Helping employees know how to respond


Risk Management – Cyber Example

• Identify the risks

• Size the risks

• Quantify the exposure

• Avoid/Mitigate (cyber team)

• Transfer

• Buy Insurance

• Accept


Risk Management – Third Party Technology

• Contingent business interruption

• Using cloud-based vendors

• Large data volumes

• Transactions

• System Logs

• Image/Video/Voice processing

• AI/ML

• Autonomous vehicles/drones/robots

• 5G


Q&A