Four steps to an advanced tech and cyber risk function
Four steps to an advanced tech and cyber risk function
Insight

Four steps to an advanced tech and cyber risk function

Elevate your risk management functions by building a proactive culture of collaboration and innovation that supports the business.

In an emerging cyber threat landscape, companies no longer have the option to be reactive. They must be proactive with their technology and cyber risk management (TCRM) functions to protect the company and its customers’ data. KPMG’s third annual Technology and Cyber Risk Management Financial Services share forum discussed cutting-edge technologies and best practices to elevate tech and cyber risk function through these four steps.

Get the TCRM structure right. With honest input and critical thinking from stakeholders, a customized structure with at least two separate lines of defense (LOD) serves to identify and monitor acceptable risk levels. While the first LOD handles the processes associated with business risks and controls, including identifying, measuring, managing, and reporting cyber threats, the second LOD challenges the first line’s operations and sets the risk appetite, tolerance and limits, apropos of new and emerging risks. Through this healthy collaboration, assumptions and strategy can be challenged, and risks assessed and mitigated.

Obtain good data. Old and unreliable data leads to misinformation and uninformed decisions. Therefore, the aforementioned LODs must include a risk taxonomy, which is reviewed and updated regularly with a risk quantification process. A consistent methodology allows the company to allocate resources to the areas of greatest risk to ensure protection as well as accurate and complete data from which will-informed decisions can be made.

Take a proactive, business-focused approach to risk. Adopting a risk management culture fosters innovation in the business. The LODs assess the risk as part of the overall business strategy and apply it toward future business decisions, such as the implementation of emerging technologies. With data-backed scenarios, the business can make better decisions and develop an agile TCRM function, able to account for the introduction of new processes and predict potential risks before they occur.

Automation and innovative technology. Adopting emerging technologies, such as cloud computing, mobile apps and AI integration, strengthens the TCRM teams’ efforts to detect and eliminate critical risks before they threaten the company, driving business value. However, senior management needs to invest in the TCRM function to allow the professionals to do their jobs effectively, which includes gathering and analyzing data, collecting and prioritizing threats, and implementing strategies to combat risks.

Learn more about protecting your business with a holistic risk and governance framework in “Four key steps to fuel a proactive tech and cyber risk function,” and check out how other companies handle tech risk management.