Risk management: Are you prepared?

CyberCX

Risk management may sound daunting but, to a large extent, it is on everyone's radar on a daily basis. At the most basic level, risk management allows organisations to prepare for the unexpected by minimising risks and extra costs before they happen. Identifying potential risks, then assessing and prioritising those risks (or threats) based on their potential impact and probability, enables an organisation to manage threats to its day-to-day business.

So what is a risk? We can also refer to risks as threats. A risk could be the impact on an organisation of a pandemic, cyber-attack, terror attack, IT outage, or natural disaster, and can include threats to supply chains and regulations such as those around data privacy. Getting this wrong can result in anything from loss of profit through to regulatory fines and significant damage to reputation.

Risk Management planning offers:

  • Brand reputation protection
  • Reduction in the risk of revenue losses
  • Proactive identification of risks
  • Prevention of data breach, cyber security and related incidents
  • Evidence to clients that you take business resilience seriously.

How can Risk Management help me during COVID-19 and beyond?

COVID-19 is impacting businesses globally. Organisations are navigating an uncharted world, balancing threats with financial costs. An effective risk management framework will help an organisation function in this new reality. Organisations with effective risk management programs have successfully weathered the storm utilising strategies such as these:

Employee: Assessing the impact of staff working from home over prolonged periods and the impact on productivity. Risk mitigation strategies have included analysing job roles that require on-site access, introducing HR procedures to help staff cope with stress, and developing strategies for shifting work around teams and locations.

Infrastructure: Assessment of infrastructure and other services to ensure they can handle the higher loads due to remote working. Can key systems be managed remotely? What are the single points of failure for remote operations? Is IT support sufficient for remote working? Can access to critical systems be prioritised? Are there enough licences to cover all those remote workers?

Cyber: Check security and monitoring of applications for remote access, and reinforce staff training around responsibility for ensuring confidentiality of company intellectual property and awareness of IT security (e.g. phishing attacks).

Supply Chain: Prioritise the assessment of critical suppliers to ensure they can continue critical activities and minimise impact on productivity and service levels. Develop strategies to diversify key suppliers across different regions.

Operational: Assess business continuity and IT disaster recovery plans to allow for continuity of critical services. Assess which activities cannot be conducted remotely, and prepare for office closure and reopening. Be prepared for staff infections, have a clear communication strategy to manage employees and partners, and prepare plans to restore services to normal operations.

If we have learnt anything from this and previous pandemics, it is that COVID-19 is unlikely to be the last. Having a risk management framework in place helps organisations to be better prepared for the next event, whether that is the return to normal or mitigating reputational or financial loss from the next unexpected incident. Good risk management will improve recovery and help the continuation of business.

Get in touch to find out how our independent consultants can work with you to help manage the trade-off between risk and return in your decision-making.

Mohinder Kainth
Senior Security and Risk Specialist
CyberCX