Resiliency in a World of Cyber Threats


Regulators have recently put an increased emphasis on operational resilience within organizations, which can be defined as the ability of an organization to withstand and adapt to any sort of emerging risks and shocks. The UK's Financial Conduct Authority (FCA) and the Bank of England and the EU's DORA have published guidelines on building operational resiliency. These guidelines include a plethora of critical advice for businesses looking to be operationally resilient, including encouraging a focus on identifying critical business services and a look at the ever-growing threat from cyber risks.

 

The risk management model being encouraged is to identify critical business services and report any emerging risks and disruptions that could threaten the resilience of the organization, along with their impact on its critical business services. That is not an easy thing to do with Excel spreadsheets and static, siloed systems!

Gaining a complete understanding of organizational and operational resilience requires a holistic comprehension of broader organizational objectives and strategy, in order to be able to manage risk and disruption in the pursuit of overall business objectives. Far too often, departments such as information security and IT focus their reporting on the technicalities of an emerging risk or disruption without outlining the potential impact on critical business services. As a result, they entirely miss the business context: the report describes the issue at the point where it is raised, not its connected impact throughout the business.

Regulators such as the FCA have laid out a streamlined process that all organizations can use to build a stronger operational resiliency framework which includes:

 

Identifying critical business services

Mapping the processes, technologies, information, and people that support critical business services

Testing the ability of organizations to remain within their impact tolerances and the overall resilience of the underlying organizational foundation, such as the IT architecture

Communicating and planning with relevant stakeholders, such as IT teams, to prepare for any potential future incidents

 

Organizations have much to gain by heeding the advice of these regulators, regardless of the industry or sector in which they operate.

This business service approach allows the organization to manage the interconnection of risk functions such as information management and security, IT, third-party management, compliance, operations, performance, etc. Since operational risk management (ORM) encompasses a multitude of risk functions and departments throughout the organization, it is crucial that these functions collaborate and are integrated, so that ORM is connected to the bigger picture of operational strategy and the organization can achieve resiliency.

With the ever-growing threat of a potential cyberattack looming over the heads of risk managers everywhere, resilience to an emerging cyber incident should take center stage in the operational resiliency framework. It is becoming increasingly critical for organizations to link emerging cyber risks to critical business services and report on potential disruptions.

An integrated information and technology architecture is critical for organizations to build a more thoughtful and strategic approach to this operational risk strategy. To fully achieve operational resiliency, organizations need complete situational awareness of, and visibility into, risk scattered across systems, operations, processes, relationships, and data. They also need a holistic understanding of the full impact of risk throughout the organization and its effect on strategy, objectives, and performance.

 

 

 

 

 

 

 
