Trust in the new world: The evolving role of the Chief Risk Officer

There have been some major changes related to risk management in the last few years that have made many people take notice. Businesses and consumers alike are faced with new threats.

Take fraud as an example. According to LexisNexis, fraud cost U.S. retailers approximately $32 billion in 2014, up from $23 billion just one year earlier. Additionally, between 500 million and 1 billion identities were stolen globally last year due to data breaches. Data breaches have remained an ongoing concern for many.


These attacks appear to stem from "bad guys" becoming more frequent and sophisticated. They also show the importance of having a strong Chief Risk Officer at a company. But the way we view Chief Risk Officers is evolving with this changing landscape. Those of us in the industry need to shift our mindset and start thinking of ourselves as Chief Trust Officers. With this shift, we can focus on how to increase trust with our customers and key constituents.

Here are four key ways we can help to restore trust in this new world:

1. CROs Should Take First Line of Defense Responsibilities

In many organizations, CROs play a pure oversight "second line of defense" role, but that might not be what is best anymore. Security and risk should be the first priority for many companies, and in these companies risk organizations should take a first line of defense role, owning key business metrics such as loss rates, in addition to the oversight role.

2. Be Innovative, but stay human

A lot of risk management is about saying no, but true innovation happens when we can say yes. Trust isn't just about keeping bad guys out and threats away. We have to maintain high levels of protection without interfering with actual customer experiences. For PayPal, it's our risk team's job to enable the good guys to pay anywhere and across any device. To do that, one has to make full use of the data the organization collects to manage risk effectively. "Big data" platforms and significant investments in data science capabilities are an important part of it. But they must be complemented by human insights. Using a combination of technology and a deep understanding of human behavior will help companies to quickly and accurately assess risk and thrive.


3. Futureproof your risk organization

As early as five years ago, even before mobile phones became the device of choice for our customers, PayPal started preparing to manage risk on mobile devices. In this process, we recognized there were some inherent security advantages to mobile devices. A person's personal connection to their mobile device, coupled with unique information such as location data, actually allowed more effective account verification. As a result, our mobile loss rate is lower than online. It's important for CROs to spot trends, prepare to face them and take advantage of what will come in the future.

4. Don't try to do it alone

There isn't a silver bullet when it comes to security and threats, and companies can't just build a big wall to stop people from getting in. With new threats being created every day, trust must be built between companies, customers and governments, especially in a global organization. Managing risk properly takes a group effort. PayPal was a founding member of DMARC and of the FIDO Alliance and also recently participated in the White House's Cybersecurity Summit. We believe there needs to be a future where a password is no longer needed, but it will take industry collaboration and a focus on building trust to get there. Ultimately, building these relationships and industry solutions will benefit us all.


Stories by Tomer Barel
