Several businesses find it necessary to change their risk appetite in a downturn as operational risk is extended to cover potential risks like the bankruptcy of customers and suppliers and modifications to cash-flow patterns.
The year 2020 saw some businesses struggle to keep up with the changing times whereas others have been quite resilient. Organizations must have a deep understanding of the business in order to sustain themselves in the post-COVID landscape. During a downturn, managing operational risk effectively is critical. For that to happen, companies must have a robust system in place to recognize threats, craft incident response plans, and build visibility.
The ability to respond quickly in the face of rapidly changing situations is essential to a successful strategy. There are several steps an organization can take to obtain deeper visibility into operations and build a holistic view of the threats that are of utmost concern. The sense of urgency that a downturn brings can be used as a catalyst for bringing in positive change and higher resilience.
Strategies for Controlling Operational Risk
Understand the risk appetite better
Businesses must have a fair idea of the risk that they can endure. The level of tolerance during a downturn will differ from business to business and what their customers can bear. Recognizing the spots where the major risk sprawl is can help form mitigation strategies and also be a catalyst for significant changes. With consumer behavior constantly changing, it is time for organizations to look beyond managing existing customer experiences and feed the rising demand.
Take a risk-based approach
Although compliance is critical and easy to understand for company boards, a box-ticking approach to cybersecurity is incapable of addressing the unprecedented risks that every enterprise encounters. It is quite challenging to shift from a compliance-based strategy to a risk-based strategy but both are mutually inclusive. Organizations must ensure that the approach is in line with the overall business strategy and showcase the advantages for securing board buy-in.
Keep an eye on the threat landscape
Before crafting an effective risk-based approach, businesses must have a clear idea of the threats they face. Companies should keep a keen eye on the situation and also be up-to-date with the ongoing trends in organized criminal groups and nation-states. This can be difficult if the company is operating across various jurisdictions as they need to update themselves about the activities carried out by threat leads in those geographies and what the regulatory landscape looks like.
Also Read: A New Wave of DDoS Calls for more Security
Map out crisis management
Organizations can navigate through any crisis if they have a concrete strategy in place and well-defined responsibilities. They must ensure that the policies and incident response plans are flexible enough to handle a variety of situations. Employees should be aware of their responsibilities when a crisis hits and report back to the higher management about the same. It is the responsibility of the entire organization to spread the burden and build understanding across departments and geographies.