Cyber-attacks and data breach are amongst the top threats facing any business – the news is constantly highlighting global organisations (including well known trusted household names) that have suffered attacks at the hands of cyber criminals. Not only does this affect the personal data and credit card details of millions of customers, it also affects reputation and brand value and people’s confidence in doing business online. Moreover, the impact of these attacks can ultimately have catastrophic effects on the security of the nation depending on the target of the attack –no organisation is safe from airlines to banking to healthcare. If Amazon, Cathay Pacific, the NHS, Marriott Starwood Hotels and Uber are vulnerable then so are you and your organisation.
A recent joint report from the Institute of Risk Management (IRM) and the Cambridge Centre for Risk Studies at Cambridge Judge Business School entitled: Risk Management Perspectives of Global Corporations highlighted the security of enterprises Including cyber security, business continuity and crisis management as amongst the top risks of those surveyed (which included IRM’s membership and Cambridge’s Chief Risk Officer (CRO) and ERM communities). It also recognised the disruption to business models and new approaches to old problems that are being enabled by new technology, from blockchain to artificial intelligence, all of which bring opportunity and risk, including ethical challenges.
The Cambridge Centre for Risk Studies’ Academic Director, Professor Daniel Ralph, said:
“Corporations must contend with both internal and external risks that threaten their business models. Their stakeholders are keenly aware of the many potential factors impacting corporate profitability and longevity, thus greater transparency in risk reporting will be expected in the future.”
Companies go to vast expense to try to protect their organisations from such attacks but digital safety and security ultimately comes down to good enterprise risk management principles and practices.
Recently Alex Younger, Chief of the UK’s MI6 security service, addressed students at St Andrews University around the threats of cyber and national security and how humans need to interact with artificial intelligence in the era of the 4th Industrial revolution.
Ian Livsey, Chief Executive at the IRM says:
“IRM supports the comments from MI6 on cyber threats. Never have we been at such risk from new ways of data interception and misuse of companies’ sensitive information. This can affect not only customers but also extended supply chains. Ultimately, the security of the nation and, in cases where health and defence are involved, human life can be at stake.
The era of the fourth industrial revolution calls for a fourth generation of risk management, fusing our traditional professional skills with managing accelerated digital disruption in whatever type of organisation we work. The impact of exponential technological change is blurring the boundaries relied upon in traditional risk management and this is why the institute has worked with Warwick University to develop our new Digital Risk Management Certificate.
Risk managers of the future must operate amongst the blurred lines between the digital, cyber and physical worlds”.
While the world around us may constantly change, the fundamental approach of building resilient organisations with robust processes, a healthy risk culture and strong risk communications will still be the right one. The differences now are a need to move at a faster speed and emerging risks to be assessed.
IRM’s new Digital Risk Management Certificate course material has been designed to help risk practitioners and other professionals to face the ‘fourth industrial revolution’ of digitalisation, supporting them to manage digital risk at a strategic and operational level.
It will explain how new technologies and digitalisation are disrupting businesses, bringing both risk and opportunity in this brave new world, and how the tools and techniques can be used and adapted to manage these challenges.
Professor Tom Sorell, Professor of Politics and Philosophy at the University of Warwick, who contributed to the development of the study guide and syllabus, said:
“I was delighted to help develop the learning materials for this new IRM course.
The course will introduce learners to digital as a disruptive force both in products and services, as well as offering clear explanations around cybersecurity risks in business or the public sector.
It is designed to develop a clear understanding of digital products and risks, and the tools and techniques which can help businesses stay protected.
We hope the course will also appeal to anyone who would like to know more about the opportunities and vulnerabilities unleashed by the internet.”
This practical side of the training will cover audit and assurance for digital and emerging risks, including how to carry out digital risk assessments, with a detailed grounding in cyber security principles, practices and incident management. Ethical issues including both privacy and machine learning (artificial intelligence) will also be considered.
Managing the risks associated with digital disruption is a global challenge, and we have students signing up for the new course from Europe, Africa, Asia and USA.
One of the first students to sign up is John Delaney, Managing Security Consultant Security Advisory Team at IBM Security, who comments:
“Having come across the IRM during some research on risk management best practice I was very impressed with the quality and detail of their thought leadership. They offered clarity to the often muddy waters of risk management.
When I saw the IRM were soon to offer a new Digital Risk Management certificate I jumped at the chance to study from experts in the field. I look forward to the challenge and increased knowledge the course will bring.”
A free webinar including a panel discussion on: “How to protect your organisation in a digital world”, with speakers from NHS Digital and Barclays, will be held on the 10th December: visit the IRM website for further information.