Cyber risk is rarely out of the headlines. From high-profile data breaches to disruption caused by attacks on suppliers, the risks facing businesses are constantly evolving and standing still is no longer an option.
As organisations become more digital and more connected, cyber risk has moved from being a technical issue to a business wide priority. It is also reshaping the role of risk professionals and the skills needed to succeed in the field.
In a recent conversation, Fabrice Brossart, Group Chief Risk Officer at Hiscox, shared his thoughts on what businesses need to understand about cyber risk today; why being prepared matters just as much as prevention, and what makes a career in risk management both challenging and rewarding.
Cyber risk: an ever-changing “arms race”
One of the key things about cyber risk, Fabrice explains, is how quickly it changes.
Rather than a fixed threat, it’s more like an ongoing “arms race”, with attackers constantly adapting and organisations needing to do the same. At Hiscox, this means investing in cyber defences and continuously reviewing them as threats evolve.
But Fabrice is also realistic about the limits of even the strongest security measures. No organisation can be completely secure, and recognising that is an important part of managing cyber risk well and a mindset risk professionals need to adopt early in their careers.
Planning for when, not if
Accepting that cyber incidents can happen means thinking beyond prevention alone.
For Fabrice, this means having clear plans in place so the organisation knows how to respond if something does go wrong. Protecting sensitive customer and employee data is a top priority, as is ensuring that systems are designed so that, if there is a potential breach, it can be contained quickly.
This combination of strong defences and practical response planning sits at the heart of modern cyber risk management, and it’s an area where senior leadership involvement, clear decision making and strong communication are increasingly important.
Cyber risk, resilience and careers in risk management
Cyber risk doesn’t stop at the organisation’s boundaries
Another challenge is how connected organisations have become.
Businesses don’t operate in isolation. They rely on networks of suppliers, partners and third-party providers, which means cyber risk extends far beyond internal systems. Managing that risk involves understanding where weaknesses may exist across the wider network, and making sure they can either withstand an attack or be contained quickly if one occurs.
This broader ecosystem view is now essential when it comes to building operational resilience, and it highlights why collaboration across teams is such a key part of working in cyber and risk roles.
From theory to practice: the value of scenario testing
When it comes to putting resilience into practice, Fabrice is a strong believer in scenario testing.
Desktop exercises, crisis simulations and similar tests all help organisations understand how they would respond in real situations. They aren’t just technical exercises, they also test how people make decisions, communicate and work together under pressure.
Each exercise provides valuable learning. Even when things don’t go perfectly, they help organisations improve their readiness and respond better when it really matters.
A career at the crossroads of strategy, technology and people
Many of these themes also show why risk management is such a varied and engaging career.
Today’s risk professionals need to understand technology, think strategically and work closely with people across the business. Cyber risk sits at the intersection of technology, operations and human behaviour, making it one of the faster-moving and most complex areas of the field.
For anyone considering a career in risk, it’s this mix, combined with the opportunity to influence decisions and make a real impact, that makes the profession both demanding and rewarding.
What next?
To hear Fabrice share more of his perspective, watch the full video. If you are interested in learning more about careers in cyber risk and risk management, or exploring current opportunities at Hiscox, visit the Hiscox website to find out more and view our latest vacancies.
