Here at LogicManger, our annual customer conference, IMPACT, is almost like a New Year of sorts. It’s a point in time where we reflect back on all that we have accomplished in the past year with our customers and formalize our plans for the year ahead.
We introduced the concept of the See-Through Economy to our customers at IMPACT two years ago. Since then, there has been no relent in the publicity around corporate failures, and no slow down of corporate setbacks.
Fortunately, there are so many companies doing good and making an effort to keep mishaps at bay, and this is what IMPACT is all about. We celebrate the risk management heroes that prevent major missteps at their corporations. By protecting their organization’s reputation, they open doors for growth and meet the expectations of their customers, employees, shareholders, and communities at large.
In my presentation at IMPACT, I discussed one of the more recent corporate headlines and what this symbolizes for the future of the risk management industry. Capital One’s data breach impacted roughly 100 million individuals in the U.S. Immediately there was a lot of finger-pointing to Amazon Web Services, the third-party cloud computing provider of Capital One. Amazon vehemently denied any fault, and Capital One’s shares tumbled.
Capital One expected direct costs related to the breach to be $100 to 150 million due to customer notifications, credit monitoring, technology costs, and legal support. However, as RBC Capital Markets analyst Jon G. Arfstrom wrote, the cost projections appear “very manageable…but we worry about longer-term reputational damage…”
This research illustrates that while data breaches have a short-term impact that most companies can rebound from, they are then followed by longer-term effects and underperformance compared to the market for years to come. The rebound in the short-term is also the result of the company’s insurance picking up the short-term costs, but the long term damage to their reputation is not covered by their cyber policies. Enabled by the See-Through Economy, consumers are starting to vote for the brands they trust with their wallets and these data breaches have a lasting effect on a company’s reputation, and thus their bottom lines over time.
A theme that was repeated throughout IMPACT was, “You can outsource the process, but you cannot outsource the risk.”
As the world around us becomes increasingly interconnected, organizations need to be able to gain transparency not only across silos and levels within their organization but also across the boundaries of their vendor supply chain.
Companies need to be able to interact and collaborate with all touchpoints, in, and outside their organization. As our keynote speaker Joseph Ghammashi, former Chief Risk Officer of Corporate One Credit Union emphasized, you need to prepare today for the worst tomorrow. In today’s economic, geopolitical, and data breach-crazed climate, this is more important than ever.
Corporate One became a customer in 2006. At that time they were a single state financial institution that recognized, with the help of LogicManager, that 3rd party risk should be measured by the impact the vendor has to their organization rather than how much they spend on the vendor or other factors. Using this risk-based approach, Corporate One was able to identify that financial advisors like S&P and others were among their highest risk vendors and began to risk rate their recommendations. The result? Corporate One was able to use LogicManager to make the business case why NOT to invest in sub-prime mortgages and mortgage-backed securities when “every financial institution was doing it” and largely side-step the massive fallout from the Great Recession of 2008. Because of this risk-based approach, they had the financial resilience and capital reserves to then acquire financial institutions across the country and become the leader in their industry and expand from just one state to operations nationwide.
All warning signs of scandals and missteps are known somewhere in the organization 6 months to 2 years in advance. An Enterprise Risk Management system will identify these scandals and missteps waiting to happen and help you make a plan to reduce or eliminate the risk.
We’re excited that soon we will be sharing a new offering that is designed to help our customers accomplish their need for increased transparency and preparedness out through their third parties. We’re calling it Governance-as-a-Service, and there will be more to come in 2020. If you’re looking for a solution like this or would like to be a part of the pilot process, we’d love to speak with you!
Organizations need to build a brick house, but it is increasingly difficult to do when third-parties are opening doors and windows that we don’t have direct control over. We’re excited to help our customers solve this challenge and create peace of mind.