Cyber Risk Management: Advancing The Conversation In The Boardroom

Companies across industries acutely recognize cyber risk as one of the most significant risks they face and one of the most challenging risks to manage.

Cyber adversaries are increasingly sophisticated, innovative, organized and relentless in developing new and nefarious ways to attack institutions. The scale, frequency and impact of cyber-attacks has risen over the last decade, and significant breaches and incidents are increasingly common and visible. The attack surface is expanding exponentially with the complexity of technology infrastructure and the speed of technology innovation.

As a result there is an increasing focus of shareholders, boards of directors and senior executives, as well as new and emerging regulations, which are a clear directive to keep cyber risk at the center of firms’ enterprise-wide business strategy, raise the overall bar for cyber resilience and protect the global economy. Companies will need to develop a tailored strategy to address the increasing cyber threat and prioritize investment in line with overall risk appetite.

Oliver Wyman has developed a structured and tested approach to enhancing Cyber Risk Management capabilities to enable companies to more effectively address the emerging cyber threat.


Boards and executive management need to look critically at the level of preparedness of their organization for the increasing risk of cyber attacks and invest to close gaps
Paul Mee, Partner, Oliver Wyman

Five Point Approach To Cyber Risk Management

1. Cyber Risk Appetite
Qualitative statements and quantitative metrics for level of defense, response strategy and investment
2. Cyber Risk Quantification
Comprehensive framework to quantify the likelihood and severity of cyber risk
3. Cyber Risk Dashboard
Measuring, monitoring and cascading cyber risk indicators
4. Cyber Risk Management Model
Optimal three Lines of Defense operating model for cyber risk management
5. Cyber Event Response Playbook
Structured holistic step-by-step approach for responding to a cyber-event (beyond the usual CIRT)

Cyber Risk Management Expertise  

Oliver Wyman has a differentiated Cyber Risk Management value proposition that leverages unique experience and capabilities across our Finance & Risk and Digital, Technology, Operations & Analytics practices.

Click here to see our latest articles and reports on Cyber Risk Management.