Common Denominators of Digital Risk

Apr 25, 2019 | by Steve Schlarman

Reward and Risk
SR Bank (Some Random Bank) was facing stiff competition. A variety of factors in the banking world applied pressure on multiple fronts. Luckily, they weren’t too far behind in the game as they worked to extend technology deeper into their day-to-day business operations. While social media improved their public presence, internal efforts began profiting from emerging technology efficiencies like data analytics and virtualization within operations. A new business application here; an infrastructure optimization there…SR Bank moved on to create more and more value through customer-facing digital solutions. With a mobile customer banking platform, enhanced services and other strategic moves, they pushed their digital business to new heights. While all this opportunity was opening doors, they also knew it was evolving their risk profile – there is no reward without some risk.

SR Bank had seen firsthand the unwanted and unexpected outcomes stemming from their digital transformation. While their technology strategy had reduced costs and enhanced customer products and services, their digital business operations had evolving levels of risk related to cybersecurity, third parties, business continuity, and data privacy, among other types of risk. One major result of this new world: growing digital risk was more disruptive than the operational risks they historically managed. In fact, as they moved more and more towards a digital business through accelerated technology adoption, digital risk had become the greatest facet of risk they faced.

The Major Digital Risk Factors
This story is playing out across enterprises of all sizes and industries. SR Bank is not unique in seeking to unlock new value from digital initiatives. Factors, such as your industry, competitive market, and organizational strategy, shape your organization’s digital future. As this future unfolds, every organization has varied factors impacting the risk profile. While risk is a multi-faceted challenge, several key areas immediately influence your digital risk challenges.

Any discussion around risk related to digital transformation should start (and end) with the business. Therefore, the complexity of the business model and strategy plays an important role. A complex business requires more sophisticated practices to keep risk at bay and, in turn, will complicate efforts to mature risk management. At the heart of digital business lies data, and therefore the data profile (the data types involved) impacts several elements of risk. Compliance is a consistent data profile factor affecting risk profiles.

The scope of digital operations impacts risk, as a large, expansive technology footprint expands the attack surface (from a security perspective) and complicates the management surface (from an operational perspective). It is difficult to discuss digital transformation without some element of cloud technology, so the nature and scope of your cloud strategy shape how digital risk affects a wide range of business intents.

Obviously, the technical architecture has a dramatic effect on the risk profile. Digital initiatives introducing a new technical paradigm and elements of innovation have implications across operations. A related factor to technical complexity is the stability of the technology being used. Risks can range from deploying unproven, constantly evolving (and potentially vulnerable) code to the wild card of vendor disruption by acquisition.

Usage of third parties (cloud providers, third-party specialists such as contractors and consultants, and outsourced IT infrastructure) is a major part of digital initiatives. Last, but certainly not least, is the resiliency factor. Depending on the nature of the digital initiative, many times this requirement goes well beyond traditional disaster recovery.

While the digital world seems to transcend physical borders, the geographic scope (physical locations of the data, users or systems) does impact compliance, as well as geopolitical, legal, cultural and operational factors. One wild-card factor to consider is the relationship between the digital and physical worlds. With the constant cybersecurity threat looming above all digital initiatives, any technology solution that could result in health and safety situations has a special risk profile that must be seriously considered.  

SR Bank’s story is replicated across all types of companies. The benefits of technology can revolutionize how your company interacts with consumers or how your employees optimize operations through automation and analytics. As their digital opportunity unfolds, SR Bank is mindful of the need to identify, assess and treat risks in an effective, efficient manner and gain the upper hand in their market. So, too, must your organization, and you can use these major factors as signals for digging into digital operations to find those obstacles that require focus.

Come back next week to learn how changes to your business operations based on digital initiatives affect your overall risk profile.
