The team should implement mitigative measures as quickly as possible because of the velocity with which such incidents can occur. Clear, concise, comprehensive documentation will also allow the firm to be proactive, instead of reactive, in its response. For instance, as many people turned to working from home during the global pandemic, the need for cybersecurity increased. Robust documentation of how the organisation responded will be invaluable should another similar event occur. But organisations should avoid lumping technology, IT, data and cyber risk into one category without clearly understanding the individual elements.
While all of these involve technology and are connected, they may affect different organisations in different ways, depending on how they are used. Technology risk, for instance, may involve software or hardware failure caused by faulty programming or equipment, while data risk may involve system breaches caused by hacking which corrupts data. One of the risks associated with IT is data that needs verification before it can be applied to decision-making. Cyber risk applies primarily to loss events such as ransomware, malware or phishing incidents. Regardless of how they are defined, these risks all have great disruptive potential.
Yet, businesses are relying increasingly on technology and producing more data and information today than ever before. Analysts assert that cyber breaches are inevitable, and may lie undetected for months. But with the increasing reliance on technology, what can organisations do to protect themselves and manage technology and data-related risk? Training staff to recognise the need for cybersecurity and data integrity is a good place to start. Having a firm policy on data and security, and enforcing it, is another. Everyone should understand how data is generated and shared; how it is stored, accessed and monitored; and the consequences of data breaches.
Applying a holistic technology and data risk management strategy may be an organisation’s best bet where mitigating related risks is concerned. A macro view of the role that technology and data play in the company, and the integration of checks and balances at all levels of the firm, may help minimise exposure to risk, and avoid the consequences of a cyberattack and the ensuing damage, or the loss of reputation that could lead to a decline in the value of the firm.
The IERP® Monthly Newsletter September - November 2021