Cyber risk management from the SME point of view

Most large businesses have already incorporated cyber risk management into their business strategy because there is a broader awareness of the need for holistic and thoughtful protection from cyber threats. However, unlike large businesses, small and medium-sized enterprises (SMEs) generally do not regard cyber risk as a strategic component in their business model despite the fact that cyber risk for SMEs is a real and growing phenomenon. However, SMEs need to Ready for Cyber Battle. Cyber crime is now very much part of interconnected global risks, with attacks against all businesses almost doubling in the last five years. Most worrying of all, statistics show that between 60 percent and 70 percent of SMEs are unable to survive a breach and are out of business within six months – all because they have no supplemental support mechanism in place to help them rebuild the company and reinstate their operations. (Source: Insurance Journal)

Due to the new General Regulation of Data Protection (GDPR) of the European Union, organizations are prioritizing this cyber risk in their corporate agenda. Considering that nowadays only 16% of the market value of S&P 500 companies is in physical assets and the rest comes from intangibles, it’s easy to understand why cyber risk management has become a priority issue.

In this webinar we will analyze the main barriers for SMEs to manage cyber risk and we will go through some key aspects to be taken into account in cyber risk management.

The webinar will be held on Wednesday, October 17, 2018, at 10:30 CEST

Who should attend

The webinar is open to all interested in the cybersecurity landscape, especially those concerned with cyber risk management.

Agenda

• 10:30 - 10:35 Cyberwatching.eu - The EU Cybersecurity & Privacy Observatory  Nicholas Ferguson.  Trust-IT Services & Cyberwatching.eu project
• 10:35 - 10:45 Cybersecurity needs and barriers of SMEs. Reporting Research Results. Samuel Fricker, University of Applied Sciences Northwestern Switzerland (FHNW)
• 10:45 - 10:55 Singing off the same hymn sheet John Davies. CyberWales
• 10:55 - 11:05 Addressing cyber risk management from the SME perspective (Hispasec Case)  Miguel Manteca. HISPASEC
• 11:05 - 11:15 CYBECO - a new framework for managing cybersecurity risks focusing on cyberinsurance Aitor Couce. ICMAT
• 11:15 - 11:25 Measuring the economic impact of cyberattacks on firms and critical sectors Ahmed Bounfour. Paris-Sud University.
• 11:25 - 11:35 Training and Simulation in support of the SMEs - The CYBERWISER.eu project. Ioannis Kechaoglou, Rhea Group
• 11:35 - 11:45 Q&A

Who are the speakers?

• Samuel Fricker (Ph.D., Professor of requirements engineering at FHNW University of Applied Sciences and assistant professor at Blekinge Institute of Technology) will talk about the results of a research report developed under the SMESEC project focusing on SME needs when it comes to cybersecurity. He would also talked about SMESEC project, which aims to support SMEs in the area of cybersecurity in two different ways. On the one hand, by providing a framework with different tools and mechanisms for identification, protection, detection and response of systems and, on the other hand, cybersecurity training and awareness

 "Small and medium-sized enterprises (SMEs) are the new target for cyberattacks. In this webinar, we look at lightweight ways that allow SMEs to protect themselves thoroughly. The participant will receive food for thought, a checklist, and an invitation to the SMESEC beta programme."

• John Davies (Co-founder and Chair of Cyber Wales and Managing Director of Pervade Software) will talk about how being part of a cluster could benefit SMEs in facing cyber risk management. He will offer his point of view as cluster manager, on what SMEs need, differences among the different members (universities, SME, research institutes, etc.) in how they face the risk management and the importance they give.

"Consistency of an interpretation of Risk is far more important than how brilliant that interpretation is - keep it simple!"

• Miguel Manteca's (Technical Sales Manager at HISPASEC) presentation will focus on making visible the most frequent cyber risks to which SMEs are exposed. Emphasis will be placed on the loss of data and its possible consequences for the business. The talk will try to give the guidelines to prevent them and make your company digitally safer. Brief introduction to the "Seriot" European project, which addresses the issue of internet security of things.

• Aitor Couce (Research assistant at ICMAT working in the H2020 project CYBECO) will present CYBECO. CYBECO will have a significant impact on information security investments, on the societal understanding of information security failures and how they should be addressed by properly incorporating intentionality into risk models and facilitating understanding of cyber security failures. “It is difficult for companies to decide on whether to buy insurance or not. CYBECO will help with that decision”.

• Ahmed Bounfour (Chair professor at Paris-Sud University & Scientific coordinator of the Hermeneut project) will present the first systemic effort in measuring the economic impact on firms and critical sectors (ICT, finance), using complementary approaches (financial, NLP, econometrics).

"When comparing those attacked firms from our sample, to their non-attacked counterparts, the loss of value in their intangibles is roughtly around 20%. Furthermore, the simulated cascading effect for critical sectors is expressed into billions of euros, whereas the overall insurance market is less than 4Bns worldwide".

• Ioannis Kechaoglou (Security Engineer at Rhea Group) will present CYBERWISER.eu, building on a 3-year legacy brought by its predecessor WISER, aims to become the EU’s reference, authoritative, independent cyber range platform for professional training. CYBERWISER.eu will provide a simulated environment to create cyber incident and cyber attacks scenarios where both students and IT professionals evolve their skills and continuously evaluate their performance, getting ready for future real attack episodes. SMEs can benefit from the results of this project.