Cyber Risk, If You See FM Global’s Antonio Faria Coming, You Better Run
When it comes to protecting a property from floods, fires and other natural hazards, insurance isn’t the only way to reduce the risk of a major loss. Companies can take a loss-prevention approach by making sure their business is able to withstand natural hazards.
The belief that the majority of loss is preventable has been a guiding principle for FM Global in its nearly 200 years as a commercial property insurer. But when examining cyber risks at the company, vice president and chief information security officer Antonio “Tony” Faria noticed gaps in the company’s risk management strategy.
FM Global used one set of security risk assessment experts to identify risks from internal technology implementation and another to pinpoint risks from third-party vendors or services.
The process felt cumbersome and inefficient. Having two sets of security experts identifying and addressing risks led to delayed assessments, resulting in confusion and risks being flagged as security threats even though they had been addressed previously.
Cyber risks must be taken seriously. If a breach occurs, FM Global’s own operations, data and reputation could be compromised — and so would those of their clients.
“If we have a business initiative, why do we need a hand off between people to do different aspects of that security engagement?” Faria said.
These issues got him thinking: What if FM Global took the same approach to cyber risk that it did to understanding property risks from natural hazards?
Together with the company’s risk manager, Faria and his team of cyber security experts developed a cyber security risk management program that would become the basis for the FM Global Risk Assessment, a comprehensive cyber readiness assessment for policyholders.
“We took the same data-driven, engineering, research-based approach so we can help our clients manage and understand the cyber risk,” Jeff Tilley, FM Global’s vice president cyber hazards, said.
Tilley also lauded Faria’s efforts to understand the ever-changing nuances of cyber risk: “Cyber is a very rapidly evolving risk, and Tony and his team have their fingers on the pulse of those changes,” he said.
Since implementing the program, the quality of cyber risk assessments has improved, and FM Global has been able to maintain a smaller security risk assessment team while still delivering excellent results.
Using one set of security experts and delivering a single report has made the process less confusing for business leaders and other stakeholders.
“You’ve got one contact. You’ve got one risk assessment, and you’ve got one report with one set of prioritized risk improvements,” Faria said.
Risk All Stars stand out from their peers by overcoming challenges through exceptional problem solving, creativity, clarity of vision and passion.