Effective risk management starts with a cyber security governance program, according to Steve Ursillo Jr., Partner, Risk Assurance & Advisory and National Leader, Information Assurance and Cybersecurity at Cherry Bekaert. Organizations need to build and implement effective governance program with effective policies and procedures—one that is fully understood by leadership and management, including audit committees. While organizations need to focus on preventing breaches, which remains critical, they also need to assume they will be breached and build a transparent system that is understood in advance. Leadership’s understanding of how cyber risks can ultimately translate into business risks is crucial.
Thumbnail
Steve Ursillo, Jr.

Partner, Risk Assurance & Advisory and National Leader: Information Assurance & Cybersecurity, Cherry Bekaert LLP

is a Partner in Cherry Bekaert's Risk Assurance & Advisory Services (RAAS) group and serves as the National Leader for the Information Assurance & Cybersecurity practice. He specializes in technology risk management, internal control over financial reporting, information system security, privacy, cyber fraud, cybersecurity governance, IT assurance and IT advisory services. With more than 20 years of experience, Steve provides a variety of IT audit and security services for his clients across multiple industries. Steve holds several professional designations that are relevant to his experience and the firms’ practice consisting of the following: CPA, CIA, CGMA, CFE, CISA, CISM, CITP, CISSP, CGEIT, CRISC, CEH and CCSFP.