TrustLayer

Navigating Cybersecurity Challenges in Risk Management with Jacquie Parker of The PENTA Building Group


Jacquie Parker

On the latest episode of Risk Management: Brick by Brick, Jason Reichl is joined by Jacquie Parker, Director of Risk Management at The PENTA Building Group, a relationship-focused general contractor. 

In this episode, Jason and Jacquie explore the intersection of cybersecurity and risk management, highlighting the importance of proactive cyber risk assessments, vendor management, and privacy policies. 

To find out how TrustLayer manages risk so that people can build the physical world around us, head to TrustLayer.io.

Communicating Cybersecurity to C-Suite and Frontline Employees: A Dual Approach

Effective cybersecurity management requires both top-down and bottom-up engagement. Jacquie highlights two distinct groups: the C-suite and frontline employees. Both play critical roles in safeguarding an organization, but their involvement and understanding of cybersecurity risks vary significantly.

The C-suite is often motivated by financial implications. Jacquie suggests that illustrating the potential cost of a breach can be a powerful tool in communicating the urgency of cybersecurity measures. Comparisons between the expense of security measures and the catastrophic financial impact of a breach can help executives recognize the importance of investing in robust cybersecurity protocols. This financial framing speaks directly to what often drives C-suite decisions: the bottom line.

On the other end, frontline employees who interact daily with potentially risky digital environments—like email and other online platforms—pose a significant risk if left untrained or unaware of social engineering threats. Jacquie says, “social engineering crimes are one of, if not the highest, vector in which hackers get into systems.” These employees are the ones who might click on a suspicious link, unwittingly exposing the entire organization to a cyberattack.

It’s clear that cybersecurity training should not be limited to executive meetings or annual reviews but integrated into the regular operational cadence. Ongoing education and proactive measures are essential in mitigating these ever-evolving threats.

Mitigating Cybersecurity Risks: The Importance of Expert Partnerships

As cyber threats become more sophisticated, the imperative for organizations to adopt comprehensive cybersecurity strategies is clearer than ever. Jacquie highlights the crucial steps that organizations should take to bolster their cyber defenses, emphasizing the significance of conducting thorough cyber risk assessments. Unlike traditional enterprise risk assessments, a cyber risk assessment focuses specifically on vulnerabilities in technical systems and processes, providing organizations with a clearer picture of their security posture.

“That's going to give us such a better understanding of where the gaps are in your tech in the technical part, but also in the policy side or the process side of it, and as well as legally.”

Jacquie notes that many businesses—especially small and medium-sized enterprises—often underestimate their exposure to cyber risks. These organizations may not recognize that their managed service providers (MSPs) can pose significant security threats if not properly vetted. The lack of understanding regarding the security practices of MSPs can leave companies vulnerable, making it essential for risk managers to conduct due diligence before entering partnerships.

Furthermore, Jacquie advocates for collaboration with specialized experts to navigate the complexities of cybersecurity and privacy. Engaging with knowledgeable insurance brokers and legal counsel experienced in cybersecurity law can significantly enhance an organization’s ability to identify and mitigate risks. Contracts should be carefully reviewed to ensure they address data sharing and protection, safeguarding the organization against potential breaches.

In her experience, organizations that adopt a proactive approach to cybersecurity—by prioritizing risk assessments and leveraging expert partnerships—are better positioned to defend against cyber threats. Jacquie’s emphasis on understanding both technical and policy gaps resonates strongly in today’s rapidly changing cyber landscape, where agility and innovation are paramount in the fight against cybercrime.

To find out more about third-party risk management, tune in to this episode of Risk Management: Brick by Brick.
 

Apple: https://apple.co/3XGZVnX 

Spotify: https://spoti.fi/4espq30 
 

Podcast Host: Jason Reichl

Executive Producer: Don Halliwell
