"How will our organization balance the risks and rewards associated with digital transformation?"
This question advances the ongoing discussion between risk professionals and business leaders concerned about their growing exposure to digital risk.
By offering more digital conveniences, the financial industry grapples with a challenge underscoring all digital transformation efforts: How do you adopt innovative technologies while mitigating new potential risk?
In a recent conversation with ITSPmagazine, Brian Drotleff, Director of GRC and Risk Assessments at Key Bank offered his perspective on the effects digital advancements have on financial institutions.
"The industry is continuously getting more digital. It impacts us internally with the digitalization of checks and payments and other things we can do with technology that we weren't able to do 10 or 20 years ago."
As modern consumers in the digital age, we expect a lot. Drotleff, like many others in his position, understands the heightened expectation of consumers, "It's all about making the banking experience as enjoyable as possible," he says.
"But with every technological advancement - whether it's cellphones or payment transactions - there's a certain amount of risk to balance."
That said, Key Bank isn't the only institution feeling the pressure to find a happy medium between integrating cutting edge technology and managing its new risks to the organization.
The RSA 2019 Digital Risk Report finds 88 percent of respondents expect their organizations' risk profile to expand in the future, as a result of their digital transformation.
Changing the Narrative: It's Not A "No"
Although risk and security professionals are typically referred to as "the party of no," Drotleff recommends changing the narrative to "yes, but securely."
While the bank undergoes digital transformation, Drotleff offers insight into how it is re-writing the narrative by fostering a partnership between the individuals who are well versed in regulations, standards and frameworks and the business members who are bringing new innovative ideas to the organization.
"We have a good balance between those who are more risk focused and business focused, so we as a bank are making the right decisions in terms of how far we want to go," explains Drotleff.
This collaboration enables Key Bank to keep risk management top of mind while meeting business objectives. For other organizations seeking this balance, Drotleff suggests assessing the conversation between the groups to ensure each are on the same page.
"Thinking a little bit more like the business than risk managements [sic] professionals have in the past, understand where they are coming from and vice versa, if you're on the business side, thinking more from a risk perspective. You meet a little bit more in the middle. It doesn't become a 'yes versus no' all the time."
Cost of Not Undergoing Digital Transformation
As digital transformation impacts businesses; today's leaders understand the value in digitally evolving standard operations within the enterprise.
The transformation becomes a new "norm" for organizations and many realize the risk of not capitalizing on digital innovations. This is articulated in a recent report from Ovum Research, "Digital risk is also recognized as 'essential' inasmuch as the organization must take risks if they are to move forward."
This point was echoed by Drotleff who explained why his organization is investing in such transformation.
"We need to continuously push ourselves as well as keep an eye on what our peers are doing in terms of making sure that we're delivering for the customer. If we are not advancing and forcing our way down that uncomfortable risk spectrum, we are not going to advance and profit and ultimately grow our business."
Despite the array of organizational and risk challenges that businesses face today, Drotleff emphasizes the driving effort behind both business and IT risk is the same, "For Key Bank it's all about the customer." It's why organizations must continue to lean into digital transformation in 2020 and beyond.
# # #
Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity