Return to site

Stress test your cyber governance

· cybercriminal,cyber governance,reputation risk

Over the years there have been numerous projects to forecast and risk manage for the possible Cybercrime futures. One worth noting is Project 2020, an initiative of the International Cyber Security Protection Alliance (ICSPA) forged back in 2013. This was a project designed between ICSPA, Europol, ENISA, the City of London Police, Atos, McAfee, CGI Canada, Trend Micro, Cassidian and Visa.

The aim of Project 2020 was to anticipate the future of cybercrime, enabling governments, businesses, and citizens to prepare themselves for the challenges and opportunities of the coming decade. It comprised a range of activities, including common threat reporting, scenario exercises, policy guidance and capacity building.

Perhaps the most interesting practical insights from this 2013 Project 2020 report were the 6 questions they identified that should be answered by today’s stakeholders and decision makers wheen looking to future proof your governance and operating models.

  1. Who owns the data in your networked systems, and for how long? Your Company, JV's/Partners/Distributors/Agents or 3rd party vendors?
  2. Who will distinguish between data misuse and legitimate use, and will you achieve consistency? What data will the authorities be able to access and use for the purposes of preventing and disrupting criminal - or reputationally risky activity?
  3. Who covers (and recovers) the losses, both financial and in terms of data recovery? At what cost/ROI?
  4. Who secures the joins between services, applications, and networks? And how can objects that use different technologies operate safely in the same environment? 
  5. Do we want local or global governance and security solutions?
  6. Will we be able to transition to the new governance and business model without causing global shocks, schisms and/or significant financial damage? 

I have found these 6 questions to be a useful starting point when stress testing for cyber governance.


If you enjoyed this post check out "How to Survive a Hack" from the Cyber Breach Simulation held at the Thomson Reuters ASEAN Regulatory Summit. We will continue the discussion on cyber crime and data privacy at the Pan-Asian Regulatory Summit that is taking place on the 8th & 9th of November, 2016 at the Grand Hyatt in Hong Kong. For the full agenda and details on how to register, please visit the website.

I appreciate that you are reading my post. Here, and on LinkedIn, I write about board related issues - corporate strategy, human capital, reputation risk, technology and innovation, corporate governance and risk management trends.

If we have met, do send me a LinkedIN invite. And, of course, feel free to also connect viaTwitter.

If you are interested in more effective reputation risk management, improving corporate governance, using the Reputation Institute's RepTrak model to benchmark your company's reputation, or developing your digital, communications, responsible investment or sustainability strategies, do connect with us at RL Expert Group.

For more on this topic, check out my other recent LinkedIn Influencer posts on the Reputation Risk Management agenda:

About Leesa Soulodre:

Managing Partner and Director of RL Expert Group, an international reputation risk management think tank and consulting practice and Asia Associate of the Reputation Institute. An Innovation Advisor to the European Commission and to the University of Illinois Urbana Champaign Advanced Digital Science Centre, Singapore. Board Advisor to Belgian PR Software firm, Prezly, Korean Fashion Analytics firm FashionMatch, and the US Sports Analytics firm, Autoscout.

All Posts

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!