An organisation cannot rely solely on technical controls to avert a cyber-incident
Cyber security is no longer restricted to standard ICT domains; it encompasses multiple areas of an organisation, including (but not limited to) human resources, supply chain management, administration and infrastructure, and therefore requires governance at the highest levels, as observed by CII-KPMG research. There is no doubt that cyber security has started gaining visibility at the top level and is now an essential part of boardroom discussion.
"Working backwards by identifying and understanding future risks, predicting risks and acting ahead of competition, can make a company more robust," suggests the paper. It adds that managing and aligning these risks requires the involvement of all key stakeholders and a place at the top of the board's agenda.
Some of the key de-risking observations presented in the paper are as follows:
- An organisation cannot rely solely on technical controls to avert a cyber incident. It needs a combination of the right people, processes and technology to prevent such incidents.
- Companies should develop a compliance checklist and obtain sign-off from management and process owners against it.
- Banks must have a risk management framework that mitigates not only Pillar 1 risks (credit, market and operational risk) but also other significant risks such as strategic/business risk, compliance risk and reputation risk, so that they can stay competitive as the banking environment changes.
- Robotics and cognitive technologies not only support the management of an organisation's risks but can help eliminate potential operational risks. These new-age disruptive technologies bring much-needed controls into an organisation.
- While technology is expected to play a major role in fraud detection, the continuing effectiveness of technology-based fraud detection systems depends largely on the fraud risk intelligence configured into them. The more false-positive alerts a tool generates, the less its output is relied upon.
- Apart from the clear advantage of avoiding legal and regulatory penalties and complications, effective regulatory and compliance risk management can become a market differentiator by instilling confidence in existing and prospective customers and stakeholders.
For this to come to fruition, organisations need to build and implement leading practices for effective risk management. Technological advance is a double-edged sword: an organisation needs to embrace new technology and the strategies built around it while simultaneously mitigating the associated risks. Abstaining from these technologies might appear to be one of the most effective defences, since ensuring compliance is an uphill task, but given the exponential rate at which the digital world is growing, it is likely to shape organisations in the years to come regardless.