ANSI - American National Standards Institute
 Print this article  Previous Next 

ANSI and the ISA Release New Action Guide to Help CFOs Prepare for Cyber Attacks

The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask

New York, Oct 20, 2008

The American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) released today a new action guide to assist business executives in the analysis, management and transfer of financial risk related to a cyber attack.

In 2004, the Congressional Research Service estimated the annual economic impact of cyber attacks on businesses – which can come from internal networks, the Internet or other private or public systems – to be more than $226 billion. In 2008, U.S. Department of Homeland Security Secretary Michael Chertoff named cyber risks one of the nation’s top four priority security issues.

“We are experiencing a financial meltdown due to a fundamental misunderstanding and mismanagement of modern financial systems, which is generating a crisis of confidence in our core institutions. Today, all our critical infrastructures are reliant on cyber systems that are also misunderstood and mismanaged. These vulnerabilities place both our financial and physical security in jeopardy unless we update the method we use to control our cyber systems,” said Larry Clinton, president of the ISA.

“The guide is revolutionary in its approach and extremely practical in its application. It will assist organizations in taking the necessary multi-dimensional approach to managing their cyber infrastructure by shifting the locus of control to the Chief Financial Officer,” Clinton explained.

Developed by a cross-sector task force representing more than 30 private and public sector organizations, The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask is the first known publication to approach the financial impact of cyber risks from the perspective of core business functions.

The document provides guidance to CFOs and their colleagues responsible for legal issues, business operations and technology, privacy and compliance, risk assessment and insurance, and corporate communications. It is organized in a question-based format, which makes it applicable to virtually any industry and any set of business circumstances.

The Financial Impact of Cyber Risk was unveiled this morning during a press conference at the National Press Club in Washington, DC. Two thousand copies of the publication are now en route to executives at leading companies across the nation. Electronic copies are available for free download at

“We urge all the owners and operators of our nation’s cyber systems to join with us in our joint effort to upgrade our nation’s security,” Clinton said.

In addition to the 50 strategic questions provided in the document, the action guide offers sample charts to aid in calculating the probability and severity of financial loss from both risk events and the actions taken to mitigate them. The guide also includes a list of standards and reference documents to help businesses develop comprehensive risk management frameworks.

“By bringing together a diverse group of cyber security experts, ANSI and the ISA have identified the potential gaps in the process of analyzing cyber risk,” said Fran Schrotter, senior vice president and chief operating officer at ANSI. “We have given C-Suite executives a tool that will assist them in developing and implementing a cyber risk management plan for their organization.”


About ANSI
ANSI is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents the diverse interests of more than 125,000 companies and organizations and 3.5 million professionals worldwide.

Development of The Financial Impact of Cyber Risk was organized by the (ANSI-HSSP), a cross-sector coordinating body that was established to catalog, promote, accelerate and coordinate the timely development of homeland security-related standards and communicate the existence of such standards appropriately to governmental units and the private sector.

About the ISA
The ISA is a non-profit collaboration between the Electronics Industries Alliance (EIA) and Carnegie Melon’s CyLab and works closely with the CERT Coordination Center (CERT/CC), a leading, recognized center of Internet security expertise. The non-profit helps law firms and companies in the aerospace, defense, entertainment, financial, food service, manufacturing and telecommunications sectors by standardizing best practices in Internet security and network survivability and by working with legislators and regulators to ensure that market incentives are at the forefront of public policy.

Company Member Online Discussion Board