Cybersecurity is no longer restricted to standard ICT domains

Cybersecurity is no longer restricted to standard ICT domains and encompasses multiple areas of an organisation, including but not limited to human resources, supply chain management, administration and infrastructure and therefore requires governance at the highest levels. These observations are highlighted in CII-KPMG’s publication titled ‘De-risking India in the new age of technology’. The paper launched today at the 2nd CII National Risk Summit 2016 - DeRisking India Inc for Global Competitiveness, suggests that cybersecurity has started gaining visibility at the top level and is now an essential part of the boardroom discussion.

Regulators are increasingly holding board members and senior executives of a company accountable for cybersecurity of their company, often with stiff penalties, including but not limited to, heavy fines and legal consequences. The leadership level, therefore, needs to be aware of the internal and external cyber threats and incidents that can or are affecting their organisations. The various chapters in the report highlight the potential of adopting stronger policies, implementing stricter controls, regulatory compliances, increasing employee awareness and taking the necessary actions to mitigate risk. These refer to several challenges that India Inc. may encounter in the near future and proposing different ways in which the risks arising out of the business environment can be suitably managed.

Voicing his opinion on the white paper, Richard Rekhy, Chief Executive Officer, KPMG in India said, “it is vital to keep pace with the changing regulatory and technology landscape to safeguard and advance business objectives. Working backwards by identifying and understanding future risks, predicting risks and acting ahead of competition, can make a company more robust. It would also help accentuate the growth with strong processes in place. Managing risks and aligning it with all key stakeholders must be on top of every board’s agenda.”

On the launch of the publication, Mritunjay Kapur, Partner and Head, Risk Consulting, KPMG in India, said, "From drones to smart offices, new age technologies have not only transformed the traditional way of doing business but have also given way to unforeseen risks that can lead to serious consequences, if they go unmanaged. It is imperative to understand the ramifications of such transformational technologies and design appropriate risk management strategies to de-risk our environment. This whitepaper is our first step to de-risk India. We explore the challenges that organisations face and then suggest the better risk management practices that can be followed in an accelerated environment of cognitive technologies to harness an organisation’s potential to the fullest to balance the risks and opportunities.”

Suresh Senapaty, Chairman CII National Risk Summit 2016 said, “In this VUCA environment, proactive enterprise risk management plays a critical role on par with growth and profitability for value maximization. Well-orchestrated Risk Management practices help organizations deliver sustainable results by keeping pace with changes in client behavior, staying ahead of competition, identifying emerging technology trends and business model changes early. While this function has not received enough attention so far, most progressive corporates are beginning to realize the value it offers and recognizes that engagement in this area is of utmost importance."

Some of the key de-risking observations presented in the paper are as follows:

-An organisation cannot rely solely on technical controls to avert a cyber-incident. It needs a combination of the right people, processes and technology to prevent such incidents.

- Companies should develop a compliance checklist to ensure compliance and obtain management/process owner sign-offs.

-Banks must have a risk management framework to not only mitigate pillar 1 risks such as credit, market and operational, but also have a framework to deal with other significant risks such as strategic/business risk, compliance risk, reputation risk, etc. to enable them to stay competitive with the changes in the banking environment.

-Robotics and cognitive technologies not only support in managing the risks for an organisation, but can help eliminate potential operational risks. The new-age disruptive technologies bring much needed controls within an organisation.

-While technology is expected to play a great role in fraud detection, the continuing effectiveness of technology-based fraud detection systems largely depends on fraud risk intelligence configured on the detection systems. The higher the false positive alerts generated by the tool, the lower the reliance on the outcome.

-Apart from the clear advantage of avoiding legal and regulatory penalties and complications, effective regulatory and compliance risk management can enable companies to be a differentiator in the market by infusing confidence in existing and prospective customers or stakeholders.

India Inc.’s steady move towards innovation exposes it to dynamic risks. With the evolution of technology, new security features and proficiencies are likely to emerge. The publication concludes with a positive rhetoric, believing that a dynamic corporate India will emerge by being resilient in the face of a global turmoil, while facing the challenges on its expedition to success. For this to come to fruition, organisations need to build and implement leading practices for effective risk management. The world of technological advances is a double-edged sword, where one needs to embrace technology along with its strategies, as well as simultaneously mitigate the associated risks. Abstinence from any of these technologies might appear as one of the most effective defences, since ensuring compliance is an uphill task. But the exponential rate at which the digital world is booming, it is likely to influence organisations in the years to come.