The lesson of recent cyber events is that understanding your risk exposure must be comprehensive – it is not enough to understand and document the risks that you track internally. It is critical to map out the different resources that go towards creating your market offerings. These outward-facing business “Services” are the focus of the Bank of England’s Operational Resilience requirements.
How would you answer the following questions?
- Do you have a true understanding of the people, processes, systems, data, third parties and facilities that go towards producing the products that you offer your clients?
- Do you understand the impact of the loss of one component in your Service “chain” on your ability to continue offering that product or service?
Diagnostic approach
We recommend taking a simple diagnostic approach to manage exposure:
- Identify the most important services by reputation, profit generation or brand importance.
- Map the components – how do you deliver, for example, client payments?
- Assess the exposure and Impact Tolerance of each component. Could you tolerate losing the service for a couple of hours? What about for a week?
- Launch remediation internally or with suppliers for instances in which loss of a component could cause intolerable interruption.
Insightful reporting
Ensuring that your senior management can see at a glance where their exposures are is fundamental to managing operational resilience. For example, using our reporting tool with a recent Investment Bank client, we were able to provide senior management with clear insight into their exposures at the level of the Fund, the Portfolio Company and the individual service.
If you would like to discuss your operational resilience and how we can reduce your exposure, please do not hesitate to get in touch on +44 203 603 4733 or email us at info@three-two-four.com.