#RISK Digital | Operational Resilience and ICT Compliance: Insights & Predictions
In the rapidly evolving world of financial services, operational resilience and Information and Communication Technology (ICT) compliance are essential. A panel discussion at #RISK Digital in September, involving the industry experts listed below and facilitated by Claire Mayer, explored the significance of these areas, covering themes such as the DORA regulation, GDPR, the role of risk management, and the interplay between privacy and ICT compliance.
- Alina Timofeeva, Principal (Associate Partner), Digital & FS, Oliver Wyman
- Bill Mew, Founder and CEO, Crisis Team
- Francesco Capparelli, Senior Fellow Researcher, Italian Institute for Privacy
- Mark Woolward, CTO & CISO, vArmour
Given the evolving cyber threat landscape and the proliferation of technology-driven financial services, operational resilience is emerging as a crucial consideration. The panel examined the intricacies of ICT systems and their inherent vulnerabilities, and underscored the importance of being prepared for both external threats and internal weaknesses. Ms. Timofeeva emphasized that operational resilience is not just about countering external threats but also about developing an integrated defense against the full spectrum of risks.
The Digital Operational Resilience Act (DORA) is set to be a game-changer.
The wave of new regulation taking effect in 2025 is paving the way for a harmonized approach to ICT risk management. Ms. Timofeeva highlighted that DORA fosters an environment in which firms address operational resilience proactively rather than reactively. The regulatory framework is broad in scope; Mr. Capparelli considers DORA a legal revolution intended to standardize ICT compliance across the financial sector.
Mr. Mew advocated thorough penetration testing and fully immersive simulation exercises, arguing that such simulations are indispensable for developing a robust understanding of, and response mechanism for, operational resilience. This aligned with Mr. Woolward's view that operational resilience strategies apply well beyond financial services; he foresees best practices permeating other sectors and producing more resilient multinational companies.
In a world accentuated by data, the panelists agreed that the General Data Protection Regulation (GDPR) is integral.
Mr. Mew explained that organizations willing to go the extra mile on GDPR compliance will benefit from those efforts, particularly through reduced fines and enhanced credibility with regulators. He sees these efforts as raising organizational standards and proactively embracing a culture of data privacy and protection.
Mr. Woolward drew attention to the equally important areas of operational failures and human error. He emphasized that the tooling required by DORA could significantly improve the understanding of dependencies and risks and reduce the overall impact of disruptions. He pointed to the need for organizations to approach risk management holistically, considering not only adversarial threats but also internal operational factors.
Mr. Capparelli proposed the idea of integrated compliance, focusing on the confluence of international standards, GDPR, and other relevant legislation. He stressed that organizations, particularly in the financial sector, should align their compliance strategies with best practices and legal obligations, many of which are now mandatory under DORA.
Creating a culture that embraces risk as an opportunity for governance and resilience is essential for today’s enterprise.
The panelists agreed on the importance of cultivating a robust culture that addresses all facets of risk, backed by board-level initiatives. The key takeaway was that the shift towards stringent compliance and resilience is not just a legal mandate but also an opportunity for organizations to pursue digital transformation and gain a strategic advantage.
DORA and other regulations are shaping a future where operational resilience, ICT compliance, privacy obligations, and risk management are intertwined. As organizations navigate this intricate landscape, the emphasis should be on strategic benefit, continuous risk assessment, innovation, and integrated compliance, culminating in a resilient, compliant, and progressive financial ecosystem.