By Paige Poore
In today’s world of economic, social and political uncertainty, organizations are confronted with an ever-increasing range of risks. Meeting these demands in a global economy means today’s enterprise must be highly resilient and able to anticipate multiple risks. For IT risk management, this requires an understanding of which of the most common threats are most likely to cause business and IT disruptions.
Virtually every aspect of your business is vulnerable to disruption. Some continuity issues could take your business offline for days, but even minutes of downtime can prove costly. Business and IT disruptions that result from business continuity and IT security failures will cost organizations an estimated average total of $19.6 million over the next 24 months.
With costs this significant, IT professionals, C-suite executives and business owners alike require fact-based insight into the causes and financial consequences of these incidents—including the cost of damage to reputation and brand value.
Today wraps up the annual Business Continuity Awareness Week (BCAW), a global event coordinated by the Business Continuity Institute. The week was key to raising the awareness of business continuity by showcasing its value as a strategic and integrated business discipline. The theme of BCAW this year was “Counting the Cost,” a theme designed to demonstrate the potential cost of not having an effective business continuity management system.
Whether for a global multinational or a small business, whether operating in financial services, public administration or manufacturing, business continuity is a dynamic management practice that is proven to help organizations anticipate, prepare, respond and adapt to an ever-changing risk environment.
Though the perception is that the largest threats are external, the reality is that both business continuity and IT security professionals ranked human error as the leading threat in terms of both likelihood and economic impact. Here are suggestions for how to manage human error in IT risk management:
1.) Building a Risk-Aware Culture: According to a recent IBM study in partnership with the Ponemon Institute, both business continuity and IT security professionals ranked human error as the leading threat in terms of both likelihood and economic impact. One essential practice for helping to reduce human error is building a risk-aware culture and management system that begins at the top and is pushed relentlessly down throughout the organization. This involves identifying sources of risk, setting goals and communicating roles and responsibilities at every level, from senior and middle management to every user of the organization’s email.
2.) Automation: Automation can also play a part in reducing human errors, for example through policy-based control mechanisms for identity and access management that address the continuous evolution of software-based vulnerabilities. Be proactive by evaluating automation solutions in the context of reducing the potential for human error rather than reducing IT costs. For example, automating backup across all user and server platforms can address a range of human errors that can lead to data loss, from incorrectly configuring backup software to forgetting to run backups or even losing a notebook PC. Automating endpoint security settings across mobile and desktop devices is another example of a technology-led approach to reducing opportunities for human error.
3.) Reputational Damage Control: Since business unit leaders are outside the IT function and may have little to no IT experience, their decisions on everything from strategy to the optimal processes for mitigating disruptions may not be based on a true understanding of the IT risk landscape. According to our study, up to two-thirds of survey respondents believe that their organizational leaders do not realize that business and IT disruptions can damage reputation and brand image—and that those damages carry a hefty cost. Help these leaders understand the reputational consequences of IT failures, and in the process elevate yourself and your peers as IT professionals who protect this valuable corporate asset.
So this year for BCAW, organizations and IT leaders should become the voice for the economic and reputational impact of IT risk, which provides a win-win opportunity for you and your organization. The organization gains a valuable new perspective through which to filter IT risk strategy and tactics, while you can become known as the technology person with an eye on the bottom line—which almost always means increased visibility.