Is There Cyber Risk? How to Assess Risk?

An interesting video from RSA Conference 2018: “There’s no such Thing as a Cyber-risk”

If you look at the possible risk domains, computer security (or cybersecurity) is not on the list:

  1. Operations: errors – fraud – talent – employee engagement – safety
  2. Service Availability: capacity, resiliency, data integrity, intentional disruption
  3. Product delivery: pre-executions – release executions
  4. Compliance: regulatory, contractual obligations, privacy law, employment law, other laws

Of course, data integrity is there, so if there is a cybersecurity problem, data integrity may become an issue.

“Operational risk” is defined as the prospect of loss resulting from inadequate or failed procedures, systems or policies: employee errors, system failures, fraud or other criminal activity, or any event that disrupts business processes.

The problem with cyber risk is that it can affect operations, but it is not always obvious how bad it can get until it happens. Can you operate without computers? Can it get that bad? What if it does? Just as one may have an electricity backup in an area with frequent power outages, one has to consider what to do if there are no computers to run credit card transactions.

To properly assess operational risk, what must one ask about computer assets with regard to cybersecurity? What if I cannot use this device, i.e. it has been hijacked by hackers or otherwise incapacitated?

If credit card processing is stolen, what could be worse is that your reputation can take a hit, since the news will be filled with stories of credit card fraud originating at your business.

Consider reputation when assessing operational risk. A reputation problem does not always mean that systems fail or that money is lost due to a lack of electronic access.

It all depends on who you claim to be in the public space. Does your business marketing claim to be up to date? Then reputation may have to have a higher impact. Make sure you are spending enough resources in relation to your REAL level of risk.

 

If you need help in assessing risk, contact us.
