In preparation for the Cyber Resilience Conference, we spoke with Dr. Leila Taghizadeh, who heads Cyber Risk Management at Allianz Group.
Leila currently heads Cyber Risk Management at Allianz Group, a global leader in insurance and asset management. With prior experience at SWIFT and EUROCLEAR, she has a strong understanding of the challenges faced by organisations in balancing cyber risk and compliance. With a PhD in physics and a background in teaching and research, she is a sought-after speaker on the topic of cyber security for executives. Additionally, her advocacy in the field of AI for good highlights her dedication to using technology for the greater good and promoting sustainable solutions to save the environment and species.
What do you think are the biggest challenges in the field of (cyber) security?
In the cybersecurity sphere, we face numerous challenges, with compliance risk standing tall amongst them. Compliance risk is distinct, but it doesn’t exist in isolation; it’s intricately tied to other facets of risk within an organization. It’s not a static issue that can be boxed into a simple category but a dynamic element constantly interacting with various parts of an organization.
Every day brings new requirements and changes to the risk landscape. What seems risk-free today might swiftly transform into a major vulnerability tomorrow due to changes in regulatory requirements, technological advancements, or shifts in organizational strategy. This fluctuating risk environment, coupled with the changing nature of threats, makes it a significant challenge to manage.
When dealing with compliance risk, it’s not just about assessing the risk in isolation but understanding its potential impact on various levels. This extends from how it affects the organization’s regulatory compliance posture to its effect on daily operations. But perhaps the most critical aspect to consider is the impact on our people.
After all, humans are at the heart of our organizations, and their safety and trust are paramount. If a cyber risk eventuates, it’s not only systems and data at stake, but also people’s trust, productivity, and wellbeing. So, our approach to cybersecurity must always be proactive, comprehensive, and most importantly, people-centered.
Where do you see things often going wrong in the field of (cyber) security?
In the realm of cybersecurity, a key issue is often the communication gap between security professionals and business stakeholders. As experts, we need to consistently engage with our teams, educating them about potential risks. However, it’s crucial to translate these risks into business terms to ensure comprehension and drive effective action.
The nuances of security and business are distinct languages, which we must all acknowledge. As security experts, our duty goes beyond identifying risks. We must also consider their relevance to our organization: could this risk materialize here? If so, what impact might it have? Who would it affect and what could be the consequences? So, our approach should always be context-specific, thorough, and communicative to navigate these challenges effectively.
You are providing a session at Cyber Resilience Conference on June 1. What are you going to talk about?
Keynote: Building an Organisation’s Risk Framework and Engaging with Its Senior Management.
At the Cyber Resilience Conference on June 1, I’ll be presenting a keynote titled, “Building an Organisation’s Risk Framework and Engaging with Its Senior Management.” In the current digital age, escalating cyber threats continually put our valuable data and essential systems at risk. It’s become an imperative for organizations to not only understand, but also effectively manage their cyber risks.
This is where implementing a robust risk management framework comes into play. A well-constructed risk framework, complemented by strong governance, helps organizations enhance their resilience and security, providing a comprehensive perspective on their risk profiles. Involving all organizational levels in this process offers senior management a holistic view of the organization’s risk exposure. In our discussion, we’ll delve into striking the fine balance between regulatory adherence and cyber risk management amidst the growing wave of cyber threats.
And finally, what tip would you like to give a security professional?
The most important tip that I can give is to foster open communication beyond your immediate team. Get to know the issues and risks unique to each department and understand their day-to-day challenges. Most crucially, ensure you’re communicating these complexities not just in security jargon but in a language that resonates with the business as a whole.