Resiliency in a World of Cyber Threats

Regulators have recently put an increased emphasis on operational resilience within organizations, which can be defined as the ability of an organization to withstand and adapt to any sort of emerging risks and shocks. The UK’s Financial Conduct Authority (FCA) and the Bank of England and EU’s DORA have published guidelines on building operational resiliency, and these guidelines include a plethora of critical advice for businesses looking to be operationally resilient, including encouraging a focus on identifying critical business services and a look at the ever-growing threat from cyber risks.

 

The risk management model being encouraged is to identify critical business services and report any emerging risks and disruptions that could threaten the resilience of the organization, along with their impact on its critical business services - not an easy thing to do with Excel spreadsheets and static, siloed systems!

Gaining a complete understanding of organizational and operational resilience requires a holistic comprehension of broader organizational objectives and strategy, in order to be able to manage risk and disruption in the pursuit of achieving overall business objectives. Far too often, departments such as information security and IT focus their reporting on the technicalities of an emerging risk or disruption without outlining the potential impact on critical business services. As a result, the reporting entirely misses the business context: it describes the issue at the point of reporting, but not its connected impact throughout the business.

Regulators such as the FCA have laid out a streamlined process that all organizations can use to build a stronger operational resiliency framework which includes:

 

Identifying critical business services

Mapping the processes, technologies, information, and people that support critical business services

Testing the ability of organizations to remain within their impact tolerances and the overall resilience of the underlying organizational foundation such as the IT architecture

Communicating and planning with relevant stakeholders such as IT teams to prepare for any potential future incidents

 

Organizations have much to gain by heeding the advice of these regulators, regardless of the industry or sector in which they operate.

This business service approach allows the organization to manage the interconnection of risk functions such as information management and security, IT, third-party management, compliance, operations, performance etc. Since operational risk management (ORM) encompasses a multitude of risk functions and departments throughout the organization, it is crucial that these functions collaborate and are integrated, so that ORM connects to the bigger picture of operational strategy and the organization can achieve resiliency.

With the ever-growing threat from a potential cyberattack looming over the head of risk managers everywhere, resilience to an emerging cyber incident should take center stage in the operational resiliency framework. It is becoming increasingly critical for organizations to link emerging cyber risks to critical business services and report on potential disruptions.

An integrated information and technology architecture is critical for organizations to build a more thoughtful and strategic approach to this operational risk strategy. Organizations need complete situational awareness of, and visibility into, risk scattered across systems, operations, processes, relationships, and data in order to fully achieve operational resiliency, and to understand holistically the full impact of risk throughout the organization and on its strategy, objectives, and performance.

 

 

 

 

 

 

 
