In May of 2014, our company website was hacked and my colleague, Edmund our Engagement Director, shared key lessons from that experience that you can read here. This experience totally altered my thinking towards risk management in organisations today. Risk management in organisations requires forecasting and evaluation of potential risks and devising strategies to avoid or minimize their impact on the organisation. This means acknowledging that risks exist, assessing their possible impact on the business and devising means to mitigate these risks is central in any organisation.
Unlike in the past where opportunities were fewer and business risks were limited to political, technical, contractual among others, digitalization and technological disruption have caused many organisations to revisit their business models to retain customers created from the boundless possibilities for growth and value creation shaped by the digital world. This, however, comes with its own set of challenges and risks since digital risk has the potential to significantly affect the operational, financial and strategic elements of a business.
The risk function has become a crucial enabler of growth and more organisations are considering risk when forecasting and budgeting. While technology has always had an influence on businesses, the current phase of modern technology is very different both in terms of scale and pace of change. Gone are the days when technology was considered as a purely technical issue, it is now a critical business risk. According to a 2016 report by EY on digital risk, there are clear signs that risk management is coming out of its silo —a promising and necessary move towards risk arising from digital disruption.
Although cybercrime (i.e. hacking, copyright infringement and others) is the biggest challenge for many organisations; and has led to financial loss by quite a number, in regards to digital risks, it is not the only challenge. However, before we delve into the other risks, we need to steer clear of the perception that digital risks are only an element for consideration by financial institutions.
The digital age has created several other threats for businesses and intensified existing threats such as data loss, technology outages, misrepresentation, reputational risks and third-party risks. Continuous change and disruption also time and again keeps organisations on their toes as they are keen to explore new breakthrough channels for example with social media. In trying to keep up with the trends, new technologies are also becoming obsolete at a faster rate than before. A balanced strategic approach towards risk management therefore becomes crucial.
As Steven Culp, Accenture’s Senior Managing Director for Risk once wrote, risk management—once seen as a pure safeguarding function—now has a more proactive role to play. As new risks, in particular digital disruption, emerge, the risk function will be crucial not only to defend against threats, but also to support growth and success in a digital future.
Bearing in mind these risks, organisations need to develop sustainable mitigants for the ever increasing business risks in the digital era and below are a few suggestions;
- Policies, frameworks and procedures; the one mitigating factor for all risks in organisations is developing the right policies and procedures that govern the overall operation of the business. These policies should be comprehensive enough to cover the technological risks the business may encounter. These policies should be upgradeable as the changes and disruptions come. These will serve to address the intensifying digital risks in the market today.
- Monitor online presence; it is no longer common for businesses to explore various digital options such as websites, social media accounts among others. Building presence and maintaining sites through updating platform versions, plugins among others will remain key. Maintaining online presence also allows for organisations to understand customer preferences and therefore gives them the opportunity to serve clients or receive feedback in real time.
- Backup; from experience, we lost some critical information when we were hacked and now we are keen to back up regularly in 4 places. To ease the process, this can be automated or outsourced to a third party through cloud storage. You should be keen to understand how third party backups work, but more importantly, do not rely totally on the. Have your own backups in either a hard disk or other storage devices.
- Risk management as a function; although not all organisations are big enough to have risk management as a strategic function, it is important to continuously update potential risks (digital or otherwise) facing the organisation and more importantly incorporate these potential risks in decision making.
- Manage cyber security and improve cyber safety; cyber-security and safety is no longer much about avoiding being hacked as it is about how an organisation reacts and responds to these hacks. The importance of creating and maintaining defenses cannot be undermined; however, we must recognize that hackers are ahead of us more times than we care to admit. Organisations should focus on backups but also develop strong technologies capable of recognizing and eliminating attacks in real time.
- Data management and data security; as with backups, your organisation should take advantage of data security services offered by third parties as well as develop strong solutions internally.
- Reputation; so much depends on a company’s reputation and the digital age magnifies this risk even further. How your company is perceived, will have an effect on your sales, growth finances etc. as businesses operate virtually today through social media, it is critical to remain creative, relevant, hire the right staff to manage online platforms and continuously build and maintain a positive image in the eyes of customers and the public.
Although digital business risks have the potential to negatively impact a business significantly, the opportunities remain boundless for organisations that overcome these challenges. Critical to managing risks in the digital age is regular review and adjustment of strategies in a sustainable manner. In the near future, we are likely to have products such as cyber insurance from our insurance providers.
By Sarah Achiro
Sarah is our Business Analyst . She is a growing consultant with BLEGSCOPE and has 3 years’ experience in consulting for SMEs and in the service sector. She is keen on strategy, finance and procurement. She has previously worked for Riham Foods and MTN. You can follow her on twitter >> @achirosarah