Back in August of 2015, we discussed a vulnerability in Android’s operating system that put both personal and professional data at risk. This is just one example of the fact that improved technologies, while vital to continued growth, can bring with them serious cyber risks.
The World Economic Forum’s Global Risks Report 2016 reflects this idea. The report “examines the interconnections among the risks,” which multiply as technology improves.
According to The Huffington Post, “our cyber dependence and the digital connectivity of systems, assets, data and networks continues to grow, increasing the interconnection of risks and the potential for cascading effects resulting from a cyber incident.” Risk managers need to adapt to this trend.
To manage the interconnection of information, organizations should adopt a risk-based Taxonomy, which provides the business with a common framework and set of processes. This approach enables organizations to compare different types of risk across departments that would otherwise fail to collaborate or understand their interdependencies.
Having a taxonomy is so important because “everything and everyone throughout your organization is connected through a network of relationships.”
The Changing Landscape of Cyber Risk
Risk must be evaluated not just across, but beyond the organization. As Kirstjen Nielsen writes, “The enterprise is no longer limited to an entity’s owned or controlled systems, networks, and assets.” The enterprise-wide scale adopted by ERM solutions begins with a root-cause approach that addresses both internal and external risks.
Managing risk without a taxonomy (i.e. a department-specific approach) is a guaranteed path to ineffectiveness. It’s necessary not just to adopt an enterprise-wide scale, but to consider how cyberattacks might indirectly harm the organization (by disrupting, for example, a large communication network).
What’s the Answer to Cyber Risk’s Increasingly Systemic Nature?
We’ve already touched on it: The best method is identifying risks by their root causes. Many risks with different symptoms (e.g. different impacts across departments) share the same root cause. If departments try to evaluate them separately, they will invariably work up different solution strategies, some of which will be more effective than others. This means duplicative work and wasted resources.
LogicManager’s unique Taxonomy technology is recognized as the best tool “for defining relationships between risks, requirements, goals, resources and business processes.” It is your means of identifying shared cyber risks and infrastructure between departments and with third parties. This includes applications, assets, vendors, and more.