Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Risky business: The GRC trends you need to be aware of in 2022

After living through some very interesting times, the way in which Australian businesses perceive risk is evolving, and the upcoming year will see many take a new approach. Gaurav Kapoor from MetricStream Solutions & Services explores.

user iconGaurav Kapoor
Fri, 18 Feb 2022
Risky business: The GRC trends you need to be aware of in 2022
expand image

Was your operational resilience put to the test during the past two years? If you answered no, congratulations perhaps you need to read no further.

But for most Australian organisations, the pandemic has been an extraordinary longitudinal test of their ability to respond and regather, in a climate characterised by uncertainty.

For businesses that have moved into rebuilding mode, there is some good news: adapting your governance, risk management and compliance systems can help you bounce back faster and transform potential problems into points of competitive advantage.

============
============

Here are five GRC trends to be aware of as you fortify your enterprise to withstand whatever challenges the future holds.

Zero to 100: Adjusting to the rapid acceleration of risk velocity

In today’s digital era, the concept of isolated risks has died a quick death. An accident or incident – think systems outage or cyber security breach – can have an almost instantaneous, enterprise-wide impact on the organisation.

The risk assessment process needs to reflect this accelerated risk velocity. Therefore, expect to see on-the-ball businesses putting an end to annual or quarterly risk assessments, instead adopting an agile, real-time methodology.

Paying attention to peripheral risks

We all recognise trouble when it stares us in the face, but when it’s lurking in the shadows, it’s not as easy to grasp. Identifying and mitigating peripheral risks – think cyber vulnerabilities because of your connection with third party suppliers or partners – has historically been a needle-in-a-haystack style exercise.

With the aid of an AI-powered platform that can bring in millions of data points about threats, vulnerabilities, breaches, risks, regulatory changes from web, and internal and external third-party systems, which is no longer the case. Homing in on these areas of sideline risk will be a priority for chief risk officers and chief information security officers who want to stay ahead of the game in 2022.

Empowering frontline workers

They’re very often the first to raise the alarm, but in earlier times, frontline workers weren’t necessarily authorised to disclose or respond to adverse events until these were already well in progress.

Digital tools and technologies can be deployed to speed up that authorisation process; opening these lines of communication will be a priority for leadership teams that want to proactively mitigate risk by keeping their finger on the proverbial pulse.

Introducing more agile improvements

In the past, GRC projects and initiatives were very often “bigger than Ben-Hur”. But lately, businesses have recognised the advantages of breaking these down into bite sized chunks. Adopting an agile approach – taking small steps to resolve risks in stages – will become much more of a thing” this year, as companies look to realise benefits progressively.

Quantifying the cost of risk

The average organisation faces a multiplicity of risks yet assigning a dollar value to each one of these was not something they were easily able to do in the past. Instead, decision makers relied heavily on qualitative analysis, using heat maps and ranking systems to indicate the likelihood and relative severity of various adverse events.

Today, that’s changing fast, thanks to the emergence of AI-driven cyber-risk quantification platforms that eliminate assumptions and guesswork from the process.

Using sophisticated modelling tools to simulate a range of scenarios, organisations can obtain a detailed understanding of the risks they face, and the financial, operational, strategic, and reputational costs associated with those risks. Knowledge is power and in 2022, we’ll see many more Australian business leaders availing themselves and their organisations of it, through judicious investment in risk technology.

Going for growth in 2022

Success in business necessitates pursuing two ends simultaneously: exploiting opportunity and managing risk. Optimising the way your organisation does the latter will have you well placed to make the most of whatever 2022 has in store.

Gaurav Kapoor is the co-founder and president at MetricStream Solutions & Services.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.