DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 32, Issue 1

Full Contents Now Available!

Thursday, 10 January 2019 15:07

The Quest for Cyber-Trust

With technology becoming ever more sophisticated and offering both enhanced opportunities and new vulnerabilities and threats, there is a danger that organizations of every different type leave themselves open to malicious attack or data breaches on a massive scale. Risk management, therefore, is just as vital in cyberspace as it is in the physical world. But what are these cyber-risks? How can International Standards help mitigate them? And is it really the case that the only answer is even more sophisticated technology?

The Oxford English Dictionary definition is certainly clear enough: “risk”, it says, is “a situation involving exposure to danger”. Risk must be taken to achieve results, but also risk must be managed to achieve positive outcomes and avoid negative consequences.

Avoiding risk is impossible. Risks need to be taken and this is an inevitable and necessary part of all our lives, both personally and professionally. Indeed, if any company or organization in any industry in today’s highly competitive world was to try and pretend that there were no risks in what they did – in effect, that risk did not exist – then quite apart from defaulting on their statutory and legal obligations, they would very quickly fold and disappear from sight.

But risk can also be a force for good. Managing risks successfully can have positive results, and companies need to take risks in order to achieve their objectives. Organizations quite naturally need a degree of certainty before taking important strategic decisions, and it is essential to understand that risk is really about the likely impact of uncertainty on those decisions. In short, risk is about managing decisions in a complex, volatile and ambiguous world, one that is fast becoming even more complex and ambiguous.