Securing the Digital World

Opportunities for Risk Management in the “Great Reset”

Aug 04, 2020 | by Steve Schlarman

“In a few years, it is possible that no one will be speaking of ‘digital transformation’ because the term will have become irrelevant: Non-digital businesses will simply not exist.”

So concludes the World Economic Forum’s (WEF) recent report, “Digital Transformation: Powering the Great Reset.” “The Great Reset” is a fantastic descriptor for what we are facing today. As 2020 unfolded, it became apparent that “going digital” is no longer a side venture; it is the main event. From enabling remote workforces to expediting delivery of products and services, the catalyst for accelerating digital capabilities is front-and-center in every business strategy. In the WEF report, a consistent point is reinforced: digital journeys are still long, but the pace is no longer marathon-like. It’s an endless series of 100-yard dashes with little rest in between.

This acceleration translates into a considerable challenge for risk and security teams. They will be tasked with ensuring that the business doesn’t pull a hamstring or trip over a hurdle during those sprints. Risk and security teams will not have the luxury of time. As the business looks to streamline products and services or improve customer experiences through digital means, risk and security teams must take the rough edges off their own processes.

De-risking digital initiatives will be a major incentive to address risk in an integrated way. Integrated approaches to risk management are designed to share information, leverage common processes and create a taxonomy that eases the identification, assessment and analysis of risk. 

An integrated risk strategy comprises eight critical risk domains. Building a program for each of these domains manages specific risks, and integrating that program with other efforts also helps reduce other types of risk.

| Risk Domain | Way to address the risk domain |
| --- | --- |
| Process Automation | Risk Assessment Framework: A common framework for how risks are evaluated and decisions are made to address risks to the business as technologies are used to automate processes. |
| Cyber Attack | Security Operations: A strong infrastructure and strategy to manage rising cyber threats. |
| Compliance | Compliance Processes: Efficient and effective processes to address existing and emerging compliance requirements. |
| Workforce | Identity Assurance: Assurance that the individuals accessing systems and data are who they say they are, and given appropriate access. |
| Third Party | Third Party Governance: Visibility into external parties and their role in business operations. |
| Cloud | Cloud Operations: Risk and security processes to address cloud operations (internal, hybrid, external). |
| Resiliency | Business Impact Analysis (BIA): A common framework to identify what is important to the business. |
| Data Governance and Privacy | Documented Data Processing Activities: Visibility into WHERE data is and HOW it is used by the organization. |

Collectively, the targeted efforts within each domain, made with an eye towards integration, create a ‘mesh’ of risk management activities.

The contributions from each program augment other risk and security efforts. For example:

  • BIAs help prioritize security events for security operations;
  • Identity assurance streamlines compliance assessments for user privileges;
  • Documented data processing activities inform scoping of audits for compliance purposes;
  • Third party governance ensures continuity and recovery plans take external parties into account.

The list goes on and on. Each major domain of risk management offers an opportunity to improve related processes.

The WEF publication highlights three opportunities for enterprises: 

  1. Transform business
  2. Empower stakeholders
  3. Change systems

These same opportunities exist for risk and security teams. Risk management strategies, refactored in light of business adjustments forced by disruption, must have integrated capabilities at their core.

Building a mesh of integrated activities is critical in meeting the pace of business operations as part of “the great reset.”

 
