
CEO’s message

A challenge to stay relevant

Much of what makes technology work is hidden behind glossy interfaces, but if risk managers are going to get to grips with cyber risk, they will need to dig beneath the surface.

The profound impact of technology and digitisation on how we live and work is sometimes referred to as the new industrial revolution. These new technologies offer huge opportunities and have the potential to solve problems and bring us enormous benefits. But clearly they present risks as well. Commentators including the World Economic Forum have identified rising concern about technology-related risks, including the potential for cyber-attacks on individuals, organisations or infrastructure, data and intellectual property loss, theft and extortion. We’re no longer talking just about teenage hackers in bedrooms who can easily be spotted by their masks and balaclavas. Instead we’re aware of sophisticated “dark web” operations with their own supply chains, marketing departments and training courses, and probably their own risk management teams too.

So should we all just switch off the computers and go back to paper and typewriters, as the Russian government was reported to be considering recently? Risk professionals have a key role to play in helping their organisations understand and respond to these risks. And the first thing to acknowledge is that cyber risk is just a risk, like any other, and should be managed following the usual principles and processes that will be very familiar to IRM members. Those include a consideration of risk appetite, cultural, behavioural and reputational factors – all looked at in the context of the extended enterprise and supply chains. This process starts with understanding the risks, but what is possibly different with cyber is that many of us, particularly those of us (dare I say) of a certain age and seniority, are not sufficiently familiar with how our technology actually works. So there is a tendency to leave cyber risk to the IT team – just like we might find a handy teenager to operate the remote control.

Governments and organisations are starting to step up the pace of their response (see The Forever War feature in this issue outlining the UK government’s developing cyber-strategy).

My challenge to the risk profession is to encourage everybody to stay relevant and continue to add value by raising our game in relation to technology. You may feel very clever using apps on your smartphone, but do you understand how the coding behind them works and how vulnerabilities might be balanced with customer experience? And do you understand the data flows in your own organisation? And can you communicate these issues to others effectively and participate knowledgeably in discussions about the risks? Expect to see more from IRM, in training, special interest group activity and thought leadership on this subject in the coming months.
