Key Steps in Risk Mitigation

Greg Sommer, Head of Operational Risk Assessments at Mercer, outlines three key areas for protecting your organization against cyber attacks.

As with so many other risks, when it comes to cybersecurity we believe that the best defense is a good offense. We asked our experts what they look for in a robust cybersecurity mitigation program. They gave us three checkpoints that you can start assessing at your organization now. 

1. Governance and policies

“That’s where it all starts,” Gregg says. “Everybody focuses on the technology which is very important, but you have assess your risks, the context of your organization, and have a culture of protection and understanding the risks.”

“It’s no different than a compliance culture or an investment culture—this is a serious risk and we must take it seriously.”

2. Employee training

Organizations are often not transparent about cybersecurity initiatives—but employees left in the dark can’t be expected to take the necessary precautions. “Employees can easily negate very sound networks and technologies that are put in place,” Gregg warns. A little bit of security savvy can go a long way in protecting your overall architecture.  

3. Network security

Gregg advises looking at security from three perspectives: hardware, application, and confidential data. If you fail to assess risk in any of these areas, you’re exposing yourself to vulnerabilities that may come back to bite you (and your clients and shareholders).

“Those are the three buckets and they all have to be implemented on a simultaneous basis,” Gregg stresses.  Only continuous and comprehensive program will give your organization the 360-degree cyber defense it needs.

Watch our video to learn more on Cybersecurity

 Contact a Mercer Consultant

Leave us your details and we will get back to you shortly.
*Required Fields
First name is required
Last name is required
Role is required
Organization is required
Industry is required
Email is required Email is invalid
Phone number is required
Company name is required
Country is required
Maximum 250 characters

I would like to receive communications about products and offerings from Mercer. I understand that I can unsubscribe at any time. 

By clicking Submit, I agree to the use of my personal information according to the Mercer Privacy Statement. I understand that my personal information may be transferred for processing outside my country of residence, where standards of data protection may be different.

There are some errors processing this form. Please check the fields and try again.

Thank You