While digital transformation enables business growth, it also opens doors to new threats. Here’s why risk management should be a core component of the digital transformation process, and how organizations can manage risks more effectively.
As enterprises ramp up their digital transformation efforts, tracking and securing data becomes a complex task because data may reside in many places, such as on-premises, in the cloud, or even outside the organization. This poses a problem especially in highly regulated industries such as the banking, financial services and insurance sector, as financial services institutions (FSIs) are mandated to know where their data is stored and ensure that it is secure.
Poor risk management is costly, as the digital age is fraught with cyber threats. Case in point: The cost of cybercrime in Asia Pacific today is estimated to reach up to US$575 billion a year, with FSIs being a key target as they are delivering more services online. The Cyber Security Agency of Singapore (CSA) also revealed that there were 23,420 phishing URLs with a Singapore link last year, which is nearly a tenfold increase from 2,512 in 2016.
Moreover, not complying with regulations will result in hefty fines. Just last year, a Hong Kong branch of a private bank was fined US$900,000 for failing to comply with anti-money laundering rules. This is a cause for concern as regulators are introducing more regulations in an effort to minimize risks associated with adopting digital technologies such as cloud. The Monetary Authority of Singapore (MAS), for example, has introduced a section on cloud computing services in its updated outsourcing guidelines for financial institutions. Under the guidelines, financial institutions are reminded to ensure that their service provider has robust access controls to protect customer information, and such access controls should survive the tenure of the contract of the cloud services.
Additionally, the Association of Banks in Singapore (ABS) encourages FSIs to use OSPAR-certified service providers when outsourcing critical systems and systems handling customers’ personal information. This is because OSPAR (Outsourced Service Provider Audit Report) ensures that outsourced service providers maintain the same level of governance, rigor and consistency as the financial institutions in Singapore.
Organizations that plan to expand their footprint into Europe or have European customers will need to ensure that they comply with international regulations like the EU General Data Protection Regulation (GDPR). Enterprises that fail to protect the data of their European customers or fail to provide customers the option to delete their data when requested will face a fine of up to €4 million (US$4.7 million) per case, or 4 percent of their global revenue, whichever is higher.
Despite some of the risks digital transformation brings, enterprises cannot afford to shun it, as they need to improve operational efficiency, increase business agility, and enhance customer experience. In the case of banks in Asia Pacific, 80 percent of them plan to run on a hybrid cloud architecture this year to become digital banks. Some banks, such as Standard Chartered in Hong Kong, have taken this a step further by planning to eliminate physical branches and only offer online banking services by leveraging digital technologies. To successfully realize such goals while minimizing risks, enterprises will need to include securing customer data and adherence to regulatory obligations as part of their digital transformation goals.
Since regulations can only help reduce risk if organizations have the necessary skills to comply with them, enterprises are on the constant hunt for cybersecurity professionals, big data and analytics experts, data scientists, and data warehousing experts. However, finding IT talent will become more challenging in the future, as Asia Pacific is expected to face a shortage of 47 million workers by 2030. One way of overcoming this issue is by turning to a managed services provider (MSP).
The MSP should have adequate controls, in terms of risk assessment, information and communication, information security policies, and sub-contracting – just to name a few.
From physical security to incident management and system vulnerability assessments, the vendor must be able to perform these tasks adequately.
The outsourced partner must act in accordance with contracting procedures, maintain adequate records when it comes to handling data, and perform constant service reporting and monitoring.
The above requirements will be taken care of if a vendor is certified in OSPAR and other relevant regulations.
On top of managed services, organizations can also look to enhance their own risk management capabilities with the power of automation. They can do so by prioritizing assets and segmenting them according to risk, before applying the appropriate controls and safeguards to each segment.
Artificial intelligence (AI) can also help enterprises better manage risks despite the IT talent crunch. AI-powered robotic process automation (RPA), for instance, can help automate repetitive manual tasks such as regulatory reporting. AI can also provide automated decision support and data filtering to improve an organization’s ability to detect, predict, and prevent risk. With AI automatically scanning for new risks, raising alerts and performing automated triage, risk analysts can spend the time they used to take sorting and manipulating data on higher-value tasks such as assessing more complex risks.
As organizations continue to scale or transform their business, they will need to keep pace with escalating security and compliance demands as they adopt new technologies. To do so effectively, businesses should bolster their risk management capabilities and ensure that risk management supports their organization’s strategic plans instead of hindering them.