CYBER RISKS, CYBER SECURITY AND PUBLIC RISK MANAGEMENT

Sarah Perry, ARM-P
Risk Manager, City of Columbia, Missouri
background image

The topics of cyber risk and cyber security have been around for a while, but wrapping our heads around these topics seems to be something with which many of us public risk management professionals struggle. As chair of PRIMA’s External Affairs Committee, cyber risks and security are topics that we have been discussing for more than a year, and still strive to define.

While the following may not provide answers to the bigger questions regarding cyber security, hopefully, it will help us to wrap our collective heads around the potential exposures. First, let’s look at some definitions.

Cyber Risk – any risk of financial loss, disruption, or damage to the reputation of an organization from some sort of failure of its information technology system. (1)
Cyber Security – protection of computers, networks, programs and data from unintended or unauthorized access, change, or destruction.

Next, what are some of the risks to our cyber security? Again, the list is evolving, but below are some of the more common exposures that may pose a threat.

  • Loss of hardware through theft or accidental loss – think of this as the physical loss of any device with sensitive information, including laptops, tablets, cell phones, and hard drives.
  • Misuse of data by employees or other insiders – could be anyone with access to data who might use or exploit private information for personal gain.
  • Web application attacks – a category which may include defacing a website, additions of spam or a malicious code, theft of account and database information, and access to classified content.
  • Phishing – any activity that attempts to gain sensitive information by posing as a legitimate site. Phishing efforts may ask for specific information or may contain links to malicious software (which is often referred to as pharming).
  • Dedicated Denial of Service (DDOS) attacks – an activity where multiple systems, sometimes hundreds or thousands, target a website or system causing a slowing or complete shutdown of the website or system.
  • Cyber extortion – any kind of attack where a ransom is demanded before the assault is disengaged.
    Point-of-sale (POS) attacks – an effort to gain credit card data through data skimming (installation of hardware to a point of sale terminal), malware (exploits the gap(s) in security while credit card data is being processed), and even the cloning of cards or their data.
  • Payment card skimming – a form of POS attack method where a small device is installed on a credit card reader to scan and store data from the magnetic strip.
  • Viruses – programs from other infected computers, data medium (CD, DVD, etc.) or through a network which replicates itself and can infect other computers or device in a network.
  • Worms – programs which copy themselves across a network or computer program

Recognizing and identifying the various types of cyber risks that threaten the security of our entities is just the beginning of the process. From here, the risk management process of assessment, development and evaluation of a plan, implementation of risk management actions, and monitoring the results is crucial.

By: Sarah Perry, ARM-P
Risk Manager, City of Columbia, Missouri

Summary of Qualifications

Sarah Perry began her insurance and risk management career in the early 1980’s with a major insurance broker. She worked in risk management for an Iowa hospital and for a workers’ compensation trust in Missouri prior to joining the City of Columbia, Missouri in 1997 as the risk manager. Sarah is active in the Missouri chapter of PRIMA, was involved in PRIMA’s Core Competencies Initiative and has participated in PRIMA’s Conference Planning Committees 2004 through 2010. Sarah served on the PRIMA Board of Directors 2003 – 2010, and as president of the Board July 2008 - 2009. Currently Sarah is serving as the chair of PRIMA’s External Affairs committee.

Responsibilities

Administers City of Columbia’s self insurance for workers’ compensation, liability, and property coverages, as well as straight insurance for risks as specified by city administration. Works with representatives from all city departments to identify potential problems. Develops and assists in implementation of city-wide strategies to prevent and minimize losses. Plans and conducts loss prevention, safety and health, and other training for city employees. Applies for, and administers brokered insurance coverage. Coordinates selection of the city’s insurance brokers and third party claim administrator. Monitors performance of broker, TPA, medical providers. Coordinates legal activities regarding city claims. Responds to and resolves difficult and sensitive inquiries and complaints from citizens, employees, or employee bargaining units. Prepares annual budget for the risk management division. Assists the city’s budgeting division in allocation of insurance costs to city departments and divisions. Serves as a liaison for the risk management division with other city departments/divisions and outside agencies. Supervises risk management staff.

Education

Masters in Strategic Leadership (2011) - Stephens College, Columbia, Missouri

Bachelor of Arts in Business Administration (2001) - Stephens College, Columbia, Missouri

Associate in Risk Management for Public Entities (ARM-P)

Sign Up for Our Education Newsletter

You Might Also Be Interested In