Cybersecurity

The missing ingredient: Risk management for 2020 and beyond

by Anthony Stevens

It’s leadership. That’s it! Alright, fine, I’ll expand.

Most traditional risk managers will instinctively counsel your organization to be moving into the 2020s as best practice would have always had it be done. While that might have been sound advice in another era, in today’s lightning-paced global digital landscape, conservative intel like this neglects one crucial element.

Leadership.

“He who thinks he leads but has no followers is only taking a walk,” American leadership expert, John C Maxwell, famously claimed.

COVID-19 is a massive wake-up call for every business. Globally, the traditional hospitality, leisure, tourism, sports, and retail industries will never be as we once knew them.

How your organization handles the crisis now will not only determine whether or not this moment in time will feature positively in your future risk presentations; it might actually determine whether or not your business survives it at all.

Strong, insightful, and consistent leadership from organizations (no matter the size), from the top-down and the inside out, will be the keys to survival, let alone success. Clarity and cohesion, ingredients that have been missing from the risk assessment process all along, are more important than ever.

Within the broad bandwidth of risk leadership, from the chairperson to department heads, it’s incredible to think that there’s been a key ingredient missing this whole time. Dialogue.

The current modus operandi is not your fault! The traditionally disparate areas within an organization of Governance, Risk, and Compliance Management (GRC), Information Security Management Systems (ISMS), and Cybersecurity haven’t exactly been conducive to risk management progress.

Here, we define three key leadership areas as clearly lacking in risk assessment and management today, and how to improve them.

1. Where’s the humanity? Find it, and bring it back!

Good old-fashioned communication is probably the most important aspect of risk management. Inter and intra-department dialogue are essential, as is finding some measure of consensus about what’s important (and what’s not), and how to move forward.

Every person in your organisation will have both individual and shared experiences of not only the company’s processes, but also the world around them. Our diversity as individuals creates perspectives that are critical to the GRC process. As such, it’s important we spend valuable time with each other (albeit via videoconferencing at the moment), rather than merely collecting data and generating inputs.

A series of numbers on a chart can tell you only so much. Data doesn’t contain nuance or humanity. It’s not subject to whims or emotions and doesn’t carry with it lifetimes of insight gained from experience.

Our job as leaders should be to share multiple perspectives and from those, arrive at some form of agreement about decision-making processes.

2. Teamwork makes the dream work

Secondly, stemming from that first lesson of ‘the human element’, it’s critical for leaders to get input from their teams, and ensure that it’s from as broad a spectrum as possible. Why? It’s the only way to allow for individual and collective perspectives on the likelihood and impact of risks to your business.

Over the last couple of years, the yardstick for accountability means you need to get input from all levels in the organization, which – traditionally – has been a slow and cumbersome process. It’s the technology that has enabled us to communicate as widely, broadly, and as inexpensively as we can right now.

Remote working was dreamless than a generation ago, and modern communications tools have allowed us to streamline the analog processes of gathering information and gaining consensus. Today anywhere from ten to even thousands of people across your business can be connected. Make the most of it.

3. Risk libraries – broadening horizons

Finally, with an increasing breadth of risks to manage, using expertly defined risk libraries is critical to identifying the ‘unknown unknowns’. There are very few people, if any, who have anywhere near enough exposure or understanding of risks across all areas of business and life. That’s where consultants have typically come in to share their pearls of wisdom and insights.

Surely there’s a better way to approach this deficiency, and use technology more effectively? Consultants are also limited by what they know. They’re human, and all humans are limited in the correlations and connections they’re able to make between abstract things.

Technology can help, providing companies with access to hundreds – even thousands – of potential risks, structured into risk libraries, and curated on an ongoing basis.

Good leaders listen to the people who work with, and for, them. How do you achieve that, especially in an environment which in which your workforce is decentralized and/or fragmented? Technology is the answer. Embracing it wholeheartedly is the way forward, and using it to collate as much information as is available will help reinforce the dam before the next disruptive flood takes us all by surprise.

You can’t predict the future, but you can prepare yourself by equipping your organization with the best tools to confront it once it arrives.

Show More

antstevens

Anthony Stevens is Co-Founder and CEO of 6clicks, a revolutionary Software as a Service (SaaS) platform enabling companies to automate vital risk assessment, compliance and ISMS processes. The company’s free mobile app '6clicks Risk Review for Teams' enables stakeholders globally to identify and assess risk at a team and organisational level quickly and easily, generating a powerful risk matrix in a matter of clicks.

Leave a Reply

Back to top button