Cybersecurity is no longer restricted to standard ICT domains and encompasses multiple areas of an organization: CII-KPMG Exclusive report
Deepak Parekh, HR Khan release CII-KPMG Exclusive report at CII National Risk Summit
Cybersecurity is no longer restricted to standard ICT domains and encompasses multiple areas of an organisation including but not limited to human resources, supply chain management, administration and infrastructure and therefore requires governance at the highest levels, highlights CII-KPMG’s publication titled ‘De-risking India in the new age of technology’. The exclusive report, launched today at CII National Risk Summit – DeRisking India Inc for Global Competitiveness, suggests that cybersecurity has started gaining visibility at the top level and is now an essential part of the boardroom discussion.
Regulators are increasingly holding board members and senior executives accountable for their company’s cybersecurity, often with stiff penalties including but not limited to heavy fines and legal consequences. The leadership level therefore needs to be aware of the internal and external cyber threats and incidents that can affect or are affecting their organisations. The various chapters in the report highlight the potential of adopting stronger policies, implementing stricter controls, regulatory compliances, increasing employee awareness and taking the necessary actions to mitigate risk. They refer to several challenges that India Inc. may encounter in the near future and propose different ways in which the risks arising out of the business environment can be suitably managed.
At the launch of the report, Suresh Senapaty, Chairman, CII National Risk Summit, said, “In this VUCA environment, proactive enterprise risk management plays a critical role on par with growth and profitability for value maximization. Well-orchestrated Risk Management practices help organizations deliver sustainable results by keeping pace with changes in client behavior, staying ahead of competition, identifying emerging technology trends and business model changes early. While this function has not received enough attention so far, most progressive corporates are beginning to realize the value it offers and recognize that engagement in this area is of utmost importance.”
Mritunjay Kapur, Partner and Head, Risk Consulting, KPMG in India, said, “From drones to smart offices, new age technologies have not only transformed the traditional way of doing business but have also given way to unforeseen risks that can lead to serious consequences, if they go unmanaged. It is imperative to understand the ramifications of such transformational technologies and design appropriate risk management strategies to de-risk our environment. This white paper is our first step to de-risk India. We explore the challenges that organisations face and then suggest the better risk management practices that can be followed in an accelerated environment of cognitive technologies to harness an organisation’s potential to the fullest to balance the risks and opportunities.”
Some of the key de-risking observations presented in the paper are as follows:
- An organisation can’t rely solely on technical controls to avert a cyber-incident. It needs a combination of the right people, processes and technology to prevent such incidents.
- Companies should develop a compliance checklist to ensure compliance and obtain management/process owner sign-offs.
- Banks must have a risk management framework to not only mitigate pillar 1 risks such as credit, market and operational, but also have a framework to deal with other significant risks such as strategic/business risk, compliance risk, reputation risk, etc. to enable them to stay competitive with the changes in the banking environment.
- Robotics and cognitive technologies not only help an organisation manage its risks, but can also help eliminate potential operational risks. The new-age disruptive technologies bring much needed controls within an organisation.
- While technology is expected to play a great role in fraud detection, the continuing effectiveness of technology-based fraud detection systems largely depends on the fraud risk intelligence configured on the detection systems. The higher the number of false positive alerts generated by the tool, the lower the reliance on the outcome.
- Apart from the clear advantage of avoiding legal and regulatory penalties and complications, effective regulatory and compliance risk management can enable companies to be a differentiator in the market by infusing confidence in existing and prospective customers or stakeholders.