Bright Wu
Aon Taiwan Ltd. / Executive Director, Taiwan Regional Cyber Risk
Bright Wu works for Aon Taiwan. He is the 2024 Top Agile CEO Award Winner and the 2023 ISC2 Mid-Career Professional Award (APAC). He obtains Cybersecurity Committee Member at SEMI Taiwan, qualified instructor of cyber governance for the Taiwan Corporate Governance Association and Taiwan Academy of Banking and Finance.
He has written over thirty articles in English, Chinese and Japanese, particularly for SEMI Blogs / Standards Watch, Bloomberg Businessweek Chinese (in Chinese) and Harvard Business Review (Complex Chinese Edition). His resilience book "The Leadership Tightrope: Best and Worst Practices of Agile and Resilient Management" was selected as the 2020 “Book of the Month,” recommended by the National Academy of Civil Service in Taiwan. In 2024, the book is reprinted and with an update on agility and cyber risk management, which achieved international recognition.
Bright expects himself to build a bridge between cyber risk management, information security management system (ISMS), and information security governance (ISG) based on cybersecurity standards. With his focus on business continuity and cyber risks, Bright recently has applied agility methodology to cyber incident response.
Build Network Resilience of Business Continuity
Aon Risk Management Consulting helps clients manage their full cyber risk lifecycle, with the goal of building and maintaining sustained cyber resilience. Our holistic cyber offerings – including proactive, reactive and cyber insurance coverage – help clients identify, assess, mitigate and transfer cyber risk and quickly recover from attacks.
In 2024, an industry-academia collaboration team published the first cybersecurity scenario case study in the global Complex Chinese edition of Harvard Business Review. The case study emphasizes "using fictional business stories to illustrate the potential dilemmas faced by leaders."
Set against the backdrop of a major screw manufacturer, a typical Taiwanese manufacturing enterprise, the case follows the factory’s transition toward smart manufacturing. After a cyberattack shuts down the entire production line, the company’s future operations are threatened. However, compromising with the hackers could damage its reputation and carry legal risks. With the ransom deadline fast approaching, should the Chairman pay the ransom?
The case study was released just as Taiwan’s listed companies were facing significant regulatory changes regarding mandatory cybersecurity disclosures in 2024. Would board members and senior executives of publicly traded companies still find themselves caught in a dilemma when dealing with ransomware attacks? The team also incorporated AI tools for the first time to guide group discussions. Reflecting on past experiences in board and executive education, does the combination of case studies and AI-based teaching enhance participants' cybersecurity awareness and learning outcomes?
Starting from 2024, there has been a significant policy change regarding the disclosure of major cybersecurity incidents by publicly listed companies. In response to the growing concerns of external stakeholders, a company’s cybersecurity emergency response team may expand beyond just the Chief Information Security Officer (CISO) and the cybersecurity team to include senior executives such as the General Manager, Spokesperson, Chief Legal Officer, Chief Financial Officer, and Public Relations Director. However, most companies only offer general cybersecurity awareness training and do not provide customized awareness programs tailored for these senior executives and their staff.
In the U.S. cybersecurity community, agility was the key takeaway from former ISC2 CEO Clar Rosso’s opening speech at the ISC2 Annual Conference in 2023. How can agility enhance teamwork among senior executives during cyber incident response? This talk will explore the application and real-world examples of incident responses from an agile perspective, offering innovative approaches for non-technical senior executives and their staff in handling cybersecurity incidents.
CYBERSEC 2025 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy 。