BOOK: The Weakest Link
Written by (reviewer) Mark Evans, publisher, CIR
The Weakest Link
Jeremy Swinfen-Green & Paul Dorey, Bloomsbury, 2016
“People are a problem.” Or so said Douglas Adams in his comic novel The Restaurant at the End of the Universe. As is often the case, the funny is also the insightful, and when it comes to cyber security people really are very much a problem. In their new book, The Weakest Link, Jeremy Swinfen-Green and Paul Dorey explore the issues of employees’ behaviours around cyber risk. The results make for far from reassuring reading.
Linking risk with psychology is hardly new, but the authors do manage to shed new light on the pressures that drive both the honest and dishonest employee to create problems, from misuse of a tweet via carelessness to outright fraud. As such, it forms something of a handbook on the potential structural and behavioural elements that might be considered in building policy and safeguards.
This makes Bloomsbury’s latest offering for the risk community quite a practical book, with ideas for creating more robust security and for handling the risks that can be less apparent – extending even to the use of humour as an effective part of the armoury. Moreover, it is an easy read, with major issues highlighted in small case studies of incidents that bring the message home and serve as poignant reminders of the risks faced.
Niggles include the now almost compulsory name checking of Daniel Kahneman and behavioural economics and a slight lack of clarity as to its audience: are those involved in the detailed creation of IT security policies actually unaware of what phishing is? But comprehensive it is, and it scores in a major way for this reviewer in that it accepts that risk is a sliding scale, and that it is an area for decision and management rather than eradication.
In all, a well-written practical guide that seems rooted in years of experience, sometimes painful, of what can go wrong, and food for thought for anyone with responsibility for cyber security – or indeed just about anyone who uses the internet.