Business Risk Services

Technology risk resilience

Sara McAllister
insight featured image
2021, just like its predecessor, was a year of change and challenge. A year of firsts, and in many cases ‘making do’s’ just to get over the day to day and cope.

The continuance of the fundamental shift in work practices which we saw as a result of the pandemic, this coupled with significant business transformation agendas and a pace of technology change that is continuing to rise, has made for an often less than ideal balancing act and one that has tested the resilience of every aspect of every organisation.

As we move forward, it is of critical importance that organisations arrive at a sustainable business model with a particular focus on the operational, commercial and technological aspects. Businesses will face difficulty in addressing IT risk alongside managing sizeable IT transformation agendas and balancing commercial recovery and growth.

Strategic resilience is of foremost importance, that said the pressure to adopt emerging technologies and embrace automation in an attempt to reduce costs and improve profitability continues. Cloud deployments are continuing recent trends and are continuing to increase dramatically, most notably in light of the pandemic and with it brings yet another fundamental pivot in how organisations function and how IT risk must be actively managed and addressed.


Implementation of a robust cloud strategy that outlines a framework and roadmap for deploying organisational plans and related cloud architecture is essential. A strong cloud strategy is underpinned by a comprehensive risk assessment that informs key factors such as security, availability and confidentiality priorities. Deploying strong governance, risk and control protocols to enable the business is also of foremost importance, and ensuring transparency and accountability between the organisation and its cloud outsourced provider again should not be assumed or taken for granted.

Automation (AI)

There has been a significant level of growth in the amount of data which is being captured, processed and stored by organisations. This growth has increased the demand for timely and accurate analysis of large amounts of data in an effort to increase tangible business value. The vast majority of businesses are investing in novel technologies such as robotic process automation, big data, predictive analytics, machine learning, and artificial intelligence (AI) in an effort to increase efficiencies and to automate workloads and interrogate and analyse data at scale. Managing the risks associated with these deployments is proving to be challenging for businesses, we have found that most businesses require subject matter expertise to help implement the governance, risk and control considerations that are necessary to underpin an automation program lifecycle. Traditional IT risks that centre around access management, change management, incident management and business continuity all need to be viewed holistically when it comes to the automation journey, from inception and ‘go live’ thru to de-commissioning.

Cyber & Data Protection

The ever increasing complexity of business models, their jurisdictional footprints, disparate work forces and high volume of data that they handle and process, gives rise to sizeable cyber and data protection risks. New and inventive ways to undermine a business by way of a cyber-attack are manifesting daily. Organisations already struggle to keep pace with what they are faced with from a cyber-threat perspective.

As businesses evolve at pace, the realm of cybersecurity and data protection can be difficult to keep on top of. An intimate knowledge of business IT infrastructure, business processes and data classification capabilities will be to the fore in tackling this risk universe as it continues morph. We have seen recently that cyber skillsets and subject matter expertise are at a premium. Getting the right advice when it comes to arriving at a best-fit IT strategy that will enable your business to grow and develop will be essential. Cyber and data management will play a larger and larger role in an organisations over - arching IT strategy as we move forward.

Third Party

Recently, businesses are displaying a far greater reliance on third-party technology suppliers to deliver business-critical products and services to their clients and customers. Businesses should employ a clearly defined a defined strategy for the selection, approval, and management of third parties. As we progress, we expect technology will continue to drive the large extent of business transformation and change agendas. Allied to this, we expect the use of third parties to increase and businesses will be required to adequately manage the outsourcing life cycle.

Organisations need to be pragmatic on how they are going to identify, monitor, and manage their third-party risks, for both remote workers and third-party service providers. It is clear based on recent news stories concerning the availability, security and confidentiality of data, that the third party risk management approach which is deployed currently by businesses needs to be enhanced. Robust vendor risk assessment, vendor cyber resiliency reviews and assessing vendor contract compliance are all ways a business can help itself in addressing the plethora of risks involved in the management of IT operations and infrastructure both currently and in the future.

Transformation & Agility

High quality, timely and secure code is a critical element of an organisations transformation agenda. IT teams must strive to achieve the optimum risk reward model in relation to DevOps and SDLC. Furthermore, IT teams will need to be forever vigilant when managing access controls and segregation of duty concerns, as greater levels of agility are being forced upon them by the business.

Many businesses are still struggling to come to terms with the correct balance between ‘on-site’ office working and remote working dynamics. This has created a need to review the capacity of IT service management to address end-user issues in both respects and most especially related to a continuing “at home” IT environment.

Balancing the risk reward considerations of a ‘best fit’ target operating model and required changes to business continuity and disaster recovery plans will also require attention given the greater level of agility now expected from businesses.

Operational resiliency is the keystone in meeting and exceeding the expectations of customers, business partners, customers, and investors. Whether on premises or in the cloud, IT resiliency is the continuous ability to adapt to planned or unplanned events whilst maintaining continuous service and operations to customers. Preparedness is the most effective tool for businesses to achieve their best levels of operational resiliency . An annual comprehensive review of dependencies on cloud providers, third parties, legacy systems, recovery capabilities and ransomware resiliency will best inform up to date business impact assessments and communication plans that wholly align to a new target operating model underpinned by real change, transformation and agility.