Cyber attacks and data breaches are among the foremost threats facing any business. Indeed, the mainstream news is constantly highlighting global organisations (including well-known and trusted names) that have suffered attacks at the hands of cyber criminals. These attacks can impact the personal data and credit card details of millions of customers, not to mention the reputation and brand value of those businesses affected as well as customers’ confidence when it comes to doing business online.
Moreover, the impact of these attacks can ultimately have catastrophic effects on the security of the nation depending on the target of the attack. No organisation appears to be safe. If Amazon, Cathay Pacific, the NHS, Marriott Hotels and Uber are vulnerable then so is any business in today’s world.
A recent joint report produced by the Institute of Risk Management (IRM) and the Cambridge Centre for Risk Studies at Cambridge Judge Business School entitled ‘Risk Management Perspectives of Global Corporations’ highlights the security of enterprises (encompassing cyber security, business continuity and crisis management) as being among the top risks of those surveyed. Respondents included the IRM’s membership in addition to Cambridge’s CRO and Enterprise Risk Management (ERM) communities. The report also recognises the disruption to business models and new approaches to old problems that are being enabled by new technology – from blockchain through to Artificial Intelligence (AI) – all of which bring opportunity and risk (including ethical challenges).
Internal and external risks
Professor Daniel Ralph, the Cambridge Centre for Risk Studies’ academic director, informed Risk Xtra: “Corporations must contend with both internal and external risks that threaten their business models. Their stakeholders are keenly aware of the many potential factors impacting corporate profitability and longevity and, on that basis, greater transparency in risk reporting will be expected in the future.”
Companies can go to vast expense to try to protect their organisations from such attacks, but digital safety and security ultimately comes down to good ERM principles and practices.
Recently Alex Younger, the leader of MI6, addressed students at St Andrews University around the threats of cyber and national security and how humans need to interact with AI in the era of the 4th Industrial Revolution.
Interception of data
Ian Livsey, CEO at the IRM, stated: “The IRM supports the comments from MI6 on cyber threats. Never have we been at such risk from new ways of data being intercepted and misuse of companies’ sensitive information. This can affect not only customers but also extended supply chains. Ultimately, the security of the nation can be at stake and, in cases where health and defence are involved, human life as well.”
Livsey continued: “The era of the 4th Industrial Revolution calls for a fourth generation of risk management, fusing traditional professional skills with managing accelerated digital disruption in whatever type of organisation the practising professional is working. The impact of exponential technological change is blurring the boundaries relied upon in traditional risk management. This is precisely why the IRM has worked with the University of Warwick to develop our new Digital Risk Management Certificate. Risk managers of the future must operate among the blurred lines between the digital, cyber and physical worlds.”
While the world around us may constantly change, the fundamental approach of building resilient organisations with robust processes, a healthy risk culture and strong risk communications at their heart will still be the right one. The differences now are the need to move at a faster speed for emerging risks to be assessed.
4th Industrial Revolution of digitalisation
The IRM’s new Digital Risk Management Certificate course material has been designed to help risk practitioners and other professionals face the 4th Industrial Revolution of digitalisation, supporting them to manage digital risk at a strategic and operational level. It explains how new technologies and digitalisation are disrupting businesses, bringing both risk and opportunity in this brave new world, and how the tools and techniques can be used and adapted to manage these challenges.
Tom Sorell, Professor of Politics and Philosophy at the University of Warwick who contributed to the development of the study guide and syllabus, said: “I was delighted to help develop the learning materials for this new IRM course. The course will introduce learners to digital as a disruptive force both in products and services, as well as offering clear explanations around cyber security risks in business or the public sector. It’s designed to develop a clear understanding of digital products and risks, and the tools and techniques which can help businesses to remain protected. We hope the course will also appeal to anyone who would like to know more about the opportunities and vulnerabilities unleashed by the Internet.”
The practical side of the training will cover audit and assurance for digital and emerging risks, including how to carry out digital risk assessments, with a detailed grounding in cyber security principles, practices and incident management. Ethical issues including both privacy and AI are also considered.
Best practice and thought leadership
One of the first students to sign up is John Delaney, managing security consultant for the Security Advisory Team at IBM Security, who explained: “Having come across the IRM during some research on risk management Best Practice, I was very impressed with the quality and detail of the thought leadership. The IRM offered clarity in the often muddy waters of risk management. When I saw the IRM was soon to offer a new Digital Risk Management Certificate I jumped at the chance to study and learn from experts in the field. I look forward to the challenge and increased knowledge the course will bring.”
*A free webinar including a panel discussion on how to protect organisations in a digital world (and featuring speakers from NHS Digital and Barclays) is being held on Monday 10 December at 11.00 am. Visit the IRM website’s www.theirm.org/webinars for further details and to register your place