We are just past the first month of 2022 and we are already starting to see headlines like “World Economic Forum finds that 95% of cybersecurity incidents occur due to human error”.
European organizations are increasingly aware of the importance of having real-time visibility into their overall risk management strategy. A proactive approach to risk management is no longer confined to the CIO's function; decision-makers and board members are quickly coming to realize that they must show how the organization will prevent, adapt to, respond to, and recover from operational disruption. That sounds straightforward, but what seems simple can often be the most difficult to achieve.
The landscape in which we operate continues to evolve, and we are reading more and more about regulations and guidance that are upcoming or changing. It is not just one pillar of risk that exposes organizations to potential fines and prosecution. To make matters harder, these risks are not always visible to everyone, and staying aligned can require a mammoth cross-functional effort.
It is paramount to understand that risks can emerge not only from the servers on which you store data but also from the people who handle that data. This highlights the importance of a cross-functional risk management process. It is not only the computers, the cloud servers, and the file storage that can be areas of concern; human error is one too, and it is important to safeguard against these unknowns as well.
In 2022, we expect further guidance around the Digital Operational Resilience Act (DORA) which aims to ensure that all organizations participating in financial systems have the necessary safeguards in place to mitigate cyber-attacks and other risks.
Timing and scope are not yet finalized, but there is an expectation that Sarbanes-Oxley (SOX) style internal controls will be reflected in UK rules. Having transparent and robust controls in place now is the best way to prepare an organization for what happens next.
Climate-related risks are also going to evolve, with the Prudential Regulation Authority (PRA) and the Task Force on Climate-related Financial Disclosures (TCFD) requiring companies to be transparent and disclose their climate impacts. The expectation is that financial sectors globally will introduce mandatory climate-related reporting. This follows New Zealand becoming, in October 2021, the first country to pass climate-change disclosure laws, bringing climate risk and resilience into financial and business decision-making.
The above examples reflect the changing landscape. This is not new; regulations and legislation have been changing over the last few years. Think back to 2018, when GDPR was being implemented and organizations were concerned about personal data. There were questions about how that data was processed and what security measures each company had in place to protect it.
Whatever comes next we know that the key elements of your integrated risk management strategy should include an effective operational resilience program, business continuity management, cyber risk management, and third-party management. Coordinating these functions through a connected and integrated risk management program ensures that organizations will be better prepared to navigate an uncertain world and adapt quickly to disruptions.
With MetricStream’s ConnectedGRC, your organization is empowered to pursue an integrated approach to GRC. By ensuring collaboration between risk, compliance, audit, cybersecurity, and sustainability teams your business is better able to identify, assess, manage, and mitigate strategic risks, operational and enterprise risks, IT and cyber risks, third-party risks, compliance risks, and environmental, social, and governance (ESG) risks.
Whilst there may still be uncertainty, a connected GRC approach ensures that processes are in place to deal with what comes next in the simplest manner possible. As the risk landscape continues to change, stay tuned for future blogs that go deeper into changing regulations for Europe, such as UK SOX and Operational Resilience.
Connect with us to see how MetricStream can help. Request a custom demo now!