Will Brandon, BoE’s Chief Information Security Officer, spoke to the City Week conference on how firms should position cyber risk within their risk management frameworks. He stressed that cyber attacks are almost never purely technical; they are facilitated in some way by people or process weaknesses in their victims’ defences. Firms must therefore be aware of how social engineering can expose vulnerabilities that they then need to patch up. He said that outdated operating systems, poor patching, untrained staff, unsegregated networks and weak security monitoring all increase a firm’s risk, but all can be addressed. Institutions also need a plan to respond to a critical incident. He concluded by saying that firms should treat cyber risk like any other risk, and understand it so they can manage it. (Source: BoE speaks on cyber risk)