Rethinking cyber risk: evolving approaches to risk appetite

Join this exclusive virtual briefing, delving into how best to approach risk appetite and activity triggers and effectively mitigate cyber risk.


Rethinking cyber risk: evolving approaches to risk appetite and metrics 

Exclusive Virtual Briefing
Thursday, February 25 | 10:00 AM (EST) / 3:00 PM (GMT)


Rethinking cyber risk: evolving approaches to risk appetite and metrics

The task of defining cyber threat is far from simple. 2020 showed how quickly the threat landscape can change. With a constantly moving target, risk teams are struggling to assess the financial impact of cyber risk and find a cost-effective way to tackle it. Overcoming this challenge is an essential step in defining risk appetite and creating effective risk mitigation plans. The Basel Committee is also urging firms to do more to articulate and communicate their strategy. Recent revisions to its Principles for Sound Management of Operational Risk set out enhanced requirements around defining risk appetite, with an emphasis on Information and Communication Technology (ICT) as a key source of operational risk. 

So how should you tackle this complex task? In this briefing our experts  will delve into how best to approach risk appetite and activity triggers and effectively mitigate cyber risk.  

The upcoming brief will provide essential viewing for risk leaders aiming to get a better handle on cyber risk in 2021. 

Mandar Rege

Managing director, operational risk management, technology and cybersecurity


Mandar has over 20 years of engineering and risk management experience across Technology Operations, Governance and Audit, helping organizations meet business objectives through technology. Currently he is serving as a Managing Director at Citigroup in the Operational Risk group. Prior to Citi, Mandar was the Global CTRO at TD Bank Group, before which he served as the CTRO and CISO at the Bank of Montreal. In his prior career, Mandar has worked extensively with financial institutions globally through leadership roles at Cisco Systems, Inc., Accenture LLC, Alvarez & Marsal LLP,  KPMG LLP and Ernst & Young LLP.

Mandar is an active member of the professional community and has presented at industry forums like Risk.Net, RSA and IAPP Conferences. Additionally, he is active in various profesional organizations such as ISACA, IAPP and ISC2 and has served as the Chair of the Canadian Banking Association’s CIRT (CISO Forum). He holds the CISSP, CIPP, CISA, and PMP certifications.


Chris Harner

FRM Managing Director


Chris leads Milliman’s Cyber Risk Solutions (CRS). The practice offers clients innovative solutions for quantfying complex risks, including cyber, vendor, conduct and operational risk. CRS uses causal modeling integrating cognitive mapping, complexity science and Bayesian nets to quantify and aggregate risk. The solution can also be applied to cyber underwriting, accumulation risk and non-affirmative (i.e., silent cyber) risk. Lastly, CRS integrates artificial intelligence and machine learning (AI/ML) to construct sentiment analysis, distinguishing “signal” from noise in order to provide clients with an emerging threat framework.


Chris has 20+ years of broad industry experience in banking, insurance and consulting. His international experience spans work in Zurich, London, Athens, Moscow and New York. Previous employment included: UBS, Renaissance Capital, ABN Amro, Frank Russell Securities and AIG. 

Prior to joining Milliman, Chris was a Senior Manager in EY’s Enterprise Risk Services (ERS) practice serving banking and insurance clients for 8 years. 
Professional experience and subject matter advisory include:

  • ERM frameworks, assessments, governance
  • Operational and compliance risk
  • Preparing for regulatory supervision (FRB, OCC) and conducting regulatory remediation
  • Designing Integrated FP&A frameworks
  • Complex project management, including leading large teams, interfacing with SMAs executive stakeholders. 
  • Twenty years of experience in financial services and risk management
  • Ten years of experience in fixed income
  • Eight years of experience in Emerging Markets with an emphasis on Russia and Eastern Europe.


  • BA Foreign Language / International Affairs (FLIA), University of Puget Sound 
  • MBA, International Finance, Thunderbird, School of Global Management
  • FRM, Financial Risk Manager – Certified by GARP

Chris is fluent in German and Russian.

Chris Beck

Executive risk consultant


Chris is a member of Milliman’s Cyber Risk Solutions (CRS) practice group.  The practice delivers a portfolio of risk consulting services, such as enterprise risk design, cyber risk assessment and quantification, test and build projects, operational risk assessments, enterprise risk management (ERM) education and training, and ERM technology evaluation. The CRS practice uses diagnostic consulting strategies to understand an organization’s enterprise risk goals and challenges and then customize solutions to deliver required business results. 


Chris has 15 years of professional experience.  His experience includes work in the banking, insurance, capital markets and card sectors helping clients assess and mitigate risk. 

Prior to joining Milliman, Chris was a Senior Manager in Accenture’s Finance and Risk Management Consulting practice, delivering work for global financial service clients.   Additionally, Chris served as an active duty Naval Officer and has multiple overseas deployments. 

Professional experience and subject matter advisory includes: 

  • Cyber Security metrics and governance
  • Financial Service Regulatory and Compliance initiatives
  • Risk Management 
  • Corporate and Risk Governance
  • Surveillance 
  • Financial Services operating model and cost reduction
  • Regulatory remediation and responses
  • Legal department risk and optimization
  • Leading large cross functional projects and teams


  • BS Political Science, University of Wisconsin–Madison
  • MBA, University of Chicago – Booth School of Business

Quantify cyber risk beyond traditional methods
Determine risk appetite for cyber like other risks
Identify key metrics to communicate cyber threat to the board
Effectively link metrics to risk appetite

If you have any questions about this virtual briefing, please don't hesitate to contact us: