We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

Technological Interconnectivity Increases Exposure to Cyber Risks

Vote 0 Votes
Cyber Risks.jpg

Back in August of 2015, we discussed a vulnerability in Android's operating system that put both personal and professional data at risk. This is just one example of the fact that improved technologies, while vital to continued growth, can bring with them serious cyber risks.

The World Economic Forum's Global Risks Report 2016 reflects this idea. The report "examines the interconnections among the risks," which multiply as technology improves.

According to The Huffington Post, "our cyber dependence and the digital connectivity of systems, assets, data and networks continues to grow, increasing the interconnection of risks and the potential for cascading effects resulting from a cyber incident." Risk managers need to adapt to this trend.

To manage the interconnection of information, organizations should adopt a risk-based Taxonomy, which provides the business with a common framework and set of processes. This approach enables organizations to compare different types of risk across departments that would otherwise fail to collaborate or understand their interdependencies.

Having a taxonomy is so important because "everything and everyone throughout your organization is connected through a network of relationships."

The Changing Landscape of Cyber Risk

Risk must be evaluated not just across, but beyond the organization. As Kirstjen Nielsen writes, "The enterprise is no longer limited to an entity's owned or controlled systems, networks, and assets." The enterprise-wide scale adopted by ERM solutions begins with a root-cause approach that addresses both internal and external risks.

Managing risk without a taxonomy (i.e. a department-specific approach) is a guaranteed path to ineffectiveness. It's necessary not just to adopt an enterprise-wide scale, but to consider how cyberattacks might indirectly harm the organization (by disrupting, for example, a large communication network).

What's the Answer to Cyber Risk's Increasingly Systemic Nature?

We've already touched on it: The best method is identifying risks by their root causes. Many risks with different symptoms (e.g. different impacts across departments) share the same root cause. If departments try to evaluate them separately, they will invariably work up different solution strategies, some of which will be more effective than others. This means duplicative work and wasted resources.

LogicManager's unique Taxonomy technology is recognized as the best tool "for defining relationships between risks, requirements, goals, resources and business processes." It is your means of identifying shared cyber risks and infrastructure between departments and with third parties. This includes applications, assets, vendors, and more.

To read more about how LogicManager can help you keep ahead of cyber risks, visit our page on connecting what matters, and learn more about our cybersecurity solutions.

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives