To lower enterprise risk, get cyberresilient

The digital transformation of business puts information technology at the center of your enterprise. At the same time, it greatly expands risks to the enterprise. As these cyber risks become central to both operational and business risk, they’ll have a greater influence on the enterprise’s overall risk.

What you need is cyberresilience.

That’s the ability of your enterprise to keep its transformed business models efficient and effective in the face of increased IT system threats from nation states, criminals, competitors, insiders, the supply chain and even the weather. This resilience also applies to legal, regulatory and political changes.

Organizations that develop strong cyberresilience also deliver strategic benefits to their CEOs and boards. By showing the interrelationships among IT, operational and business risk, cyberresilience delivers a better understanding of cost and benefit. New business opportunities can be pursued with greater confidence, too.

Any element of effective enterprise risk management, including cyber risk, needs to be interdisciplinary. This means involving not only the Chief Risk Officer, but also the CIO, CEO and line-of-business executives. This interdisciplinary approach also connects enterprise risk with the effective management of cyberresilience through a series of practical steps.

Cyber damage

Get this wrong, and the consequences could be dire. An enterprise that fails to achieve cyberresilience can suffer instant brand damage, data loss and disruption, and enterprise embarrassment. A company that mismanages enterprise risk may also see its stock price and market cap decline, its operating costs and legal liability rise, and its executive and organizational reputation plummet.

To seek these new levels of enterprise risk resilience, organizations need not only processes and technologies, but also principles. While many supervisory boards are aware of enterprise risk, they often lack a common set of guiding principles to manage cyber risks. But this type of guidance is essential.

Governance should start at the top with directors, risk committee members and C-level executives. For example, the finance industry uses a three-tier model. The top level provides the independent oversight (including audit and regulatory), the middle level provides the enterprise governance, and the bottom level defines how to address risks.

Improved cyberresilience can deliver many benefits. Organizations that gain a better understanding of — and response to — risk can adapt and change more quickly than their competitors. Business agility can lead the way to new projects, acquisitions and other fruitful opportunities.

Read more in the position paper, “Managing Enterprise Risk in a Connected World.”


Chris Moyer is chief technology officer for Security at DXC Technology. He has spent more than 25 years building business and technology solutions for clients in several industries across multiple geographies. In previous roles, he has led solutioning, transformation projects and delivery assurance. He is also a member of the Institute of Electrical and Electronics Engineers. Connect with him on Twitter and LinkedIn.
