Resiliency in a World of Cyber Threats


Regulators have recently put an increased emphasis on operational resilience within organizations – which can be defined as the ability of an organization to withstand and adapt to any sort of emerging risks and shocks. The UK’s Financial Conduct Authority (FCA) and the Bank of England and EU’s DORA have published guidelines on building operational resiliency, and these guidelines include a plethora of critical advice for businesses looking to be operationally resilient, including encouraging a focus on identifying critical business services and a look at the ever-growing threat from cyber risks.

 

The risk management model being encouraged is to identify critical business services and report any emerging risks and disruptions that could threaten the resilience of the organization, along with their impact on its critical business services - not an easy thing to do with Excel spreadsheets and static, siloed systems!

Gaining a complete understanding of organizational and operational resilience requires a holistic comprehension of broader organizational objectives and strategy, so that risk and disruption can be managed in pursuit of overall business objectives. Far too often, departments such as information security and IT focus their reporting on the technicalities of an emerging risk or disruption without outlining the potential impact on critical business services. As a result, the reporting entirely misses the business context: it covers the issue at the point where it is reported, but not the connected impact throughout the business.

Regulators such as the FCA have laid out a streamlined process that all organizations can use to build a stronger operational resiliency framework which includes:

 

Identify critical business services

Map the processes, technologies, information, and people that support critical business services

Test the ability of organizations to remain within their impact tolerances and the overall resilience of the underlying organizational foundation such as the IT architecture

Communicate and plan with relevant stakeholders such as IT teams to prepare for any potential future incidents

 

Organizations have much to gain by heeding the advice of these regulators, regardless of the industry or sector in which they operate.

This business service approach allows the organization to manage the interconnection of risk functions such as information management and security, IT, third-party management, compliance, operations, performance etc. Since operational risk management (ORM) encompasses a multitude of risk functions and departments throughout the organization, it is crucial that these functions collaborate and are integrated, so that ORM is connected to the bigger picture of operational strategy and the organization can achieve resiliency.

With the ever-growing threat of a potential cyberattack looming over the heads of risk managers everywhere, resilience to an emerging cyber incident should take center stage in the operational resiliency framework. It is becoming increasingly critical for organizations to link emerging cyber risks to critical business services and report on potential disruptions.

An integrated information and technology architecture is critical for organizations to build a more thoughtful and strategic approach to this operational risk strategy. To fully achieve operational resiliency, organizations need complete situational awareness of, and visibility into, risk scattered across systems, operations, processes, relationships, and data. They also need a holistic understanding of the full impact of that risk throughout the organization and on its strategy, objectives, and performance.

 

 

 

 

 

 

 
