FEATURE: BUSINESS CONTINUITY
that RTO’s can be achieved in minutes
instead of hours or days. Cloud BCDR
also eliminates the extra cost for data
centres. Organisations can now tap into
near infinite cloud resources to assist
with their BCDR.
2. Unification of data management,
security and protection – continuity
and compliance throughout the
More to
application lifecycle is now possible.
With cloud services, it is now possible
to secure data at rest and in transit.
Add to the fact that Microsoft
provides industry leading security and
protection solutions at a very cost-
effective price point.
3. Applications work in Disaster Recovery
– Organisations can now fail over their
applications or full on premises data
centres with automated recovery plans
in a matter of minutes, instead of days,
weeks or months.
4. Perform BCDR tests at any time – With
cloud BCDR, organisations can now
test their continuity plans any time,
whenever they need to without having to
affect their user community. n
cyber risk than security
Riaan Bekker, Force Solutions
Manager at thryve, which
provides risk and governance
management technologies, says
cyber risk isn’t just about security;
it has become a serious issue of
business continuity and is the core
responsibility of executives of
businesses of any size to protect
shareholder value.
R
isk experts hold no doubts. The
changes technology is bringing
to businesses has far-reaching
consequences. But the conversation is still
split between two poles, those of business and
technology. It’s more convenient and seems
to simplify the issue. But that is not true.
Just look at risk registers and predictions
for 2019. Cyber risk has risen to the near
top, often only competing with business
continuity as the biggest concern. This is
ahead of other risks that at face value have a
clear connection to business operations.
Cyber elements are now crucial to modern
business practices. But misunderstandings
about cyber leads to much more uncertainty.
The time has come for companies to have a
more sober and encompassing appreciation
of cyber risk, starting with what cyber risk
is. It is often defined as a security topic,
which can then be conveniently mandated
to IT or technology leaders in a business.
There has been progress in terms of boards
and CEOs realising they should take closer
responsibility for the risk, but that still often
happens under the security assumption.
The impact of cyber as a risk is much wider.
48
////////////////////////////////////////////////////////////////////////
INTELLIGENTCIO
Cyber risks often arise due to the
following factors:
• Globalisation: Cyber technologies
have enabled businesses to reach much
further afield than before, the most
potent example being globalisation.
But this creates a variety of risks, such
as meeting regulatory demands in
different jurisdictions
• Adoption of new technologies:
Technology is a two-edged sword. Though
new technologies get attention from
the board and c-suite, their underlying
complexities and impact on processes are
still often brushed aside
• Mergers and acquisitions: Bringing
one company into the fold of another
or creating business synergy between
them are already fraught with challenges.
Yet even those concerns often overlook
the extreme complexity of merging
very different business systems and
technologies. In most cases, this is
not addressed at all for the sake of
expediency, creating untold cyber risks
that could appear in the long run
• Outsourcing: While outsourcing is a
good way to save money, increasingly
around technology it is done to mitigate
skills shortages which itself is a risk.
But outsourcing also doesn’t absolve a
business from responsibilities around
cyber currencies such as data. There is
also the additional risk of an outsourcing
partner not being secure and thus a
target for cybercriminals
• Extension of third-party networks: A
huge benefit around digital technologies
is the ability to integrate with third-party
networks, such as supplier databases. This
is providing great improvements around
value chains. But it also risks exposing
company data and interactions if not
secured properly – not only technologically
but through training and culture
Risk is about measuring input and impact,
then using that information to mitigate
and improve. Gathering that information
is a lot simpler if you use GRC integration
platforms. These let different employees
and departments input metrics in the
way they capture them. The service then
balances that information in formats that
risk managers want to see. Since these are
service platforms, they are very simple and
cost-effective to deploy in a company, no
matter the footprint.
Cyber risk isn’t only about security. It’s
a broadside on business operations and
ambitions. Traditional risk assessment
approaches are not equipped to handle that,
and the conversation is often kept narrow
and technology-focused. But by looking
at the above factors, combined with an
integrated GRC management platform, risk
managers can define cyber risk in a much
better way. n
Riaan Bekker, Force Solutions Manager
at thryve
www.intelligentcio.com