Why is it that until you are knee deep in a full blown cyber event, it is still just someone elses problem.
Until you have limited or no access to business resources, do we still think that it is someone elses problem.
When does it become a business problem?
When does it become something that YOU, as a manager, C level executive or board member, have to think about.
I have been asking that for years.
Risk management and reducing the impact of residual risk has been around for centuries. We have always looked at natural disasters as a risk to the business.
When it comes to the digital components, the ones we use to do business, the ones that have a critical impact on every organisation, the ones we use to invoice, communicate and socialise with our clients and staff, why do we fail to see the impact.
We get blinders, a narrow viewpoint, we fail to see the risk that the digital world can deliver to the organisation.
We fail to see the significance of the risks that comes from our digital world.
If we do see it, it has to be an ICT problem.
We are talking about computers and data, therefore it has to be an ICT issue.
This is definitely one of the strangest attitudes in today’s world.
We can no longer treat business risk with the same attitude we have always done.
Today’s Business risk is a whole of business problem and needs a whole of business approach to manage it.
No matter the risk, all risk has an impact on your organisation. All risk has to be treated.
No matter the system involved.
Business risk has to be treated by one of the following treatments. Mitigate, accept, transfer or reduce,
Before you can apply a treatment to it you first need to acknowledge the risk itself.
To do that you have to think them through.
Every little thing that could and would impact the organisation and how the organisation will react needs to be processed.
This includes risks to reputation, data loss, finances as well as the impact of ransomware.
Have you taken all of your risks into account.