The Need for Immediate, Proactive and Continuous Attention
To prevent damage from significant risk forces, an organization needs to place heavy emphasis on the negative risk forces at play in the environment in which it operates. By identifying these risk forces and then developing the ability to anticipate (predict) them, an organization can prevent damage rather than manage it on an ex post basis.
For a manufacturing company, the operational and related financial risk forces that would need to be anticipated (predicted) in order to prevent damage would include, for example, the following:
- Availability of raw materials
- Failure to meet production targets
- New competitors in the market
- Loss of key customers
- Personnel errors/fraud
- Problems that develop when a new business is acquired.
While the above approach of anticipating (predicting) risk forces prior to their impact might be appropriate for operational and related financial risks, cyber risk forces require immediate, proactive attention on a continuous basis. Cyber threats exist. Unlike “the availability of raw materials” or the “possibility of new competitors entering the market”, which need to be anticipated (predicted), cyber risk forces are already loudly and clearly at play, and they need to be given immediate, proactive attention on a continuous basis through an effective enterprise risk management system.
- Are being made aware of cyber attacks around the world, almost on a daily basis,
- Know that the guilty parties are external and internal individuals and groups,
- Are very much aware of the goals of the guilty parties:
  - Planned malicious attacks aimed at
    - Theft and compromise of important data and information (confidential and asset-related: supplier, customer, business plan, business model, trademarks, trade secrets, patents, etc.), toward the end of
      - Impairing infrastructure, obtaining partial control over operations and thereby disrupting services, obtaining financial gain, obtaining a competitive edge in the market, etc.,
- Are familiar with the many methods used by these individuals and groups to accomplish
In addition to the above reasons why the cyber risk problem requires immediate, proactive attention, there is another strong reason: cyber risk is related to many other business risks. This unfortunate reality translates into the potential for widespread, devastating impact from cyber attacks on a company’s operations and financial condition. Attacks on a company’s technology, data and information, individually or in concert, and via significant ripple effects across the business, have the potential to produce widespread, devastating damage to its operations and its overall financial condition.
The net result of this widespread negative impact may well be that the company is unable to accomplish its profit, cash flow growth and value-adding goals, and ultimately suffers damage to its brand and reputation and a decline in its value in the market.