In this issue, our Field CISO Phil Bindley goes back to basics, asking the question: "What's in your risk bucket?"
When the world seems such an uncertain place all of a sudden, with recent developments over the past years, and certainly more recently, it has made me think about the risks that exist today that perhaps were not present less than 5 years ago.
On an individual or even organisational level there is very little anyone can do to manage those risks that are dropped on us by Geo Political events or Macro Economic impacts driven by both National and International Fiscal policies or potential trade wars.
How I like to visualise risk management.
It brought me full circle to something that I like to use to help people visualise risk. As a very visual learner myself I like to try to simplify what can often be seen as the very dry subject of risk management.
Every organisation faces numerous risks when charting their course for growth, success or whatever their ambitions are. Some that are out of their control, some of which they can, to one degree or another, positively or negatively impact.
The image I would like you all to think of now is a big bucket. The bucket is neatly positioned above your most precious possessions. If this bucket overflows the consequences are likely to be extremely damaging to the treasures that lie below.
Adding to your bucket.
Different people take it in turns to come along and empty risks from their buckets into your bucket. You can't stop them as you have no control over them. Maybe one is a competitor that suddenly comes up with a genius idea that will potentially massively impact your sales forecast. Another is a piece of legislation that will add additional cost to doing what you do. These uncontrollable risks keep wandering in and filling up your risk bucket. It is getting pretty close to the top now and your valuable, hard earned success is in peril.
A new visitor to your bucket has just walked into the room with another bucket that is full of risks and threatens very much to make your bucket overflow. This bucket is Cyber Security Risks. You have heard about these and seen a lot on the news about it. The IT team keep asking for more budget to deal with these but you are not really that sure what they are or how much risk is in that bucket in order to take the necessary steps to prevent it from spilling over.
So, why haven't you done anything about it? Hope it doesn't happen? Are you in the "Why would I be a target" school of thought? On a personal level am I totally ambivalent to that. What I would like you to consider is the following. With any other risk that your organisation is facing would you simply choose to ignore it? Or hope that IT have it under control? That by the way is a whole other story that I am sure will be coming soon!
To do something about it, and to make sure your bucket is much less likely to ruin the very things that you prize the most, you must take the first step and take the time to understand what those risks are in the context of your organisation. Then and only then can you decide what you are going to do about them.
