Companies face bigger risks than cyber security threat
Contrary to popular belief, a cyber security threat is not the biggest risk posed to a business operating in today's digital era.
This is according to Graham Blain, head of IT governance, risk and compliance at Standard Bank Group, speaking at ITWeb Governance, Risk and Compliance 2019, in Johannesburg today.
"Governance, risk and compliance (GRC) and IT GRC are under pressure to reinvent themselves to be relevant in this new age," he pointed out.
Blain noted that the biggest threat faced by businesses in the digital age is a "technology risk", which poses a greater threat than a "cyber security risk".
"How many businesses can you think of that have failed outright due to cyber breaches, data compromise, lack of capacity planning, or third-party risks?"
While many companies have been subjected to all these business risks, many, such as Facebook, went on to succeed even after experiencing these disasters, he continued.
"Can you think of any business that has failed as a result of technology-related developments? Absolutely, businesses such as Nokia, Polaroid, Toys R Us and Kodak are among those that have failed due to disruption and their failure to innovate. Technology risk or failure to innovate should be at the top of every organisation's risk list."
Blain advised businesses to take a combined risk assessment approach to both IT and the organisation's operational risk, ensuring proper GRC of all IT systems and processes that support the business operations.
This will help businesses detect and mitigate any risk they may face, either operational or in their IT systems and processes, he continued.
Back in 2004, the IT division was considered a support department, but today it has transcended to become a business enabler and must now be regarded as an integral part of the organisation.
"Today, in many if not most businesses, IT has been thrust onto centre stage and is now the face of the business to its customers. In order for organisations to avoid disruption, its products, services and the entire customer experience have to be purely digital.
"IT must contribute equal partnership in the value chain, and both IT and other members of the value chain have to get out of the mindset of internal service provider to internal client. If we can't get this right, IT GRC has little hope of integrating into the overall business," concluded Blain.