What will the new normal look like for my business? Depending on whom you ask, you’ll get a variety of answers. As illustrated during several recent earnings calls, industry leaders are being pressed for answers, but responses vary.
While the "new normal" is a hot topic, one thing is becoming clear: no one knows for certain what the future holds. Despite the lack of clarity, security and risk leaders must continue to prepare their organization.
As part of this planning, organizations will need to calibrate their risk strategies for an array of potential new challenges. I asked the RSA Risk Transformation Office for a preview of what risks and changes could be on the horizon. Here’s what they shared:
- Each U.S. state government is providing unique guidance for businesses on how to reopen. For risk teams, that means potentially complying with 50 individual mandates, warns Christopher Patteson, Executive Director, RSA Risk Transformation Office. Multinational companies will have the added challenge of adhering to regional guidance or laws in each country they operate in. What this means for businesses: a sea of new compliance risks.
- With compliance in mind, organizations that return employees to a physical workplace may be required to administer regular employee testing, says Patteson. This could create a new domain within physical security.
- Third-party ecosystems are an intrinsic part of many organizations. Any disruption to their operations in the future – including bankruptcy or temporary shutdown – could have ripple effects across an organization’s supply chain, predicts Mark Hofberg, Executive Director, RSA Risk Transformation Office.
- The dynamics created through remote work have forced organizations to adopt new technologies and systems. In some cases, organizations are accelerating digital transformation initiatives to adapt to their new normal. While this is critical for business continuity, it also creates new digital risk challenges, asserts Michael DeLoach, Executive Director, RSA Risk Transformation Office.
While the current disruption is unprecedented, the approach to managing these risks is not new, advises Patteson.
Companies should look to their disaster recovery plans as a guide, he recommends. Detailed strategies typically include a phased approach for returning to "normal." While the circumstances may be different, these plans can provide some instruction and inform discussions.
In this moment when data points and information are flying around in real time, risk teams need a plan for coalescing these insights. In this way, they’ll create "risk telemetry," suggest the leaders from the RSA Risk Transformation Office. This telemetry will be invaluable as leaders assess how and when to return to "normal," and what steps need to be taken to stay in compliance with new risks.
Above all, visibility is paramount, says DeLoach. You cannot protect against what you cannot see. Organizations need to track and monitor each challenge as they would any other business risk. And no, this doesn’t mean cataloguing risks in an Excel document. Risk managers need a central platform to help regularly monitor and assess risks that can easily provide reporting to executive leaders.
Although the future is full of uncertainty, one thing is becoming increasingly apparent: business risks are multiplying. To thrive in their "new normal," organizations will not only need tools, but the right talent, to help them manage risk challenges, says Hofberg. Expect the conversation about the skills gap to grow in the coming months and years as organizations look to bolster their security and risk teams.
Author: Jonathan Gregalis
Category: Blog Post, RSA Point of View
Keywords: Risk Management, Third Party Risk, Risk & Compliance (GRC), Regulatory Compliance, Digital Risk, Digital Risk Management