365: MM: 4 Reasons to Have a Cyber Risk Management Brake Pedal

Why do cars have brake pedals? The answer is not necessarily the functional one of bringing the car to a complete emergency stop.

It’s more psychological: the brake pedal allows the driver to go faster in the knowledge that, if there’s a risk on the road ahead, they can take evasive action or slow down to better assess it.

In this bite-sized episode, we share with you 4 reasons why cyber risk management can be seen as that brake pedal, helping businesses slow down in order to go faster towards driving business value.


Full Transcript

[00:00:00] Andrew: Hi, everyone. Welcome to this week’s Monday memo. Hope you had a fantastic weekend and looking forward to the week ahead. And some thoughts you to consider that you might’ve heard this expression before. Why do cars actually have brake pedals? And the answer often isn’t so that they can come to a complete emergency stop.

[00:00:17] It’s not always about functional reasons. Sometimes it’s for psychological reasons. And we had a guest mentor on a few years ago who explained that ultimately having a brake pedal on the car allowed the driver to have the confidence to go faster in the knowledge that if an unanticipated risk came up, that they could use the brake pedal to slow down to better assess it.

[00:00:41] And that analogy was also used by guest mentor we had on recently when we were talking about, so, cyber security risk management. And cybersecurity probably wasn’t much of a consideration for us as accountants and finance professionals say 10 years ago, 20 years ago, but it’s become much more prevalent lately.

[00:01:02] I was checking out some statistics on this and one bit of research out of the US suggested that two out of three consumers would be very worried about being impacted

[00:01:12] by a cyber attack. And actually even where we live here in Ireland,

[00:01:17] our national health service was actually impacted with a ransomware attack. And that’s the cyber risk management expert we had on the show. Kip Boyle said these attackers are often amoral.

[00:01:27] I don’t even find that in account. And we should be very worried. In fact, too we talked about one story on the show.

[00:01:33] Which related to the fake president email scam. And it’s where an accounts payable person had paid out a sum to

[00:01:40] an attacker who was pretending to be the president of that company. And ultimately what happened, the president lost their job.

[00:01:47] The accounts payable person lost their job. And also the CFO lost their job. Plus the jobs of everyone else in the company put at risk because the company reported rather a large loss that year as well. So it’s very much something that should be an area perhaps where we maybe need to touch the brake pedal on in finance, because we’ve got that broad visibility across our organizations.

[00:02:10] We’ve accessed the data. We’ve the training to maybe assess the financial impacts of some of these risks. We might need a model or a way of explaining how having that brake pedal so that we can slow down, do some cyber risk management, which allows us to go faster towards driving business value in the future.

[00:02:29] And Kip shared with us this idea of his four dimensional model on how to drive business value with cyber risk management, and I’ll touch on it very quickly here. I will share the links to it so you can see it in more detail. The first dimension of Kip’s business value model, when it comes to cyber risk management, is making sure that we’ve got

[00:02:49] an increased reliability of our operations. So that we put in place the right mechanisms to ensure that we’ve got good data integrity. Our data is not being misrepresented by attackers or terrorists, that even in case of a disaster or ransomware attackers, a fast, faster recovery so that our operations are less impacted. There was one example we discussed actually about two logistics companies.

[00:03:14] Whereas they were both impacted by the same attacker,

[00:03:18] which went in and deleted data from the company’s operational systems, but one was able to recover much faster and therefore was less impacted by it. A dealer business was almost brought to it.

[00:03:32] So that’s one dimension. The other one is just legal risk mitigation. So making sure that there’s full compliance with external regulators. There’s a lot of talk in Europe around GDPR regulations, and there’s also the Californian laws that set fairly high standards about protecting data and avoiding

[00:03:51] legal risk, to having the right due diligence in place and processes and policies in place to protect data, to avoid legal risks. And I come off of the back of cyber attacks, also the technical ones. So making sure that, again, there’s the proper authorization around access to a company’s data and infrastructure that in case of an attack or a risk being realized, people move between companies. So when one expert moves on or someone who understands something moves on, making sure the next person in place understands what their job is. So having a business continuity plan in place to ensure continued technical risk mitigation. Trustworthiness is another thing as well.

[00:04:37] It’s probably a nice feeling, knowing that you’ve done everything you can to mitigate technical risks allows you to sleep better at night. And just on that trustworthiness, as a consumer, I know myself, if I was doing business with a company that suffered a cyber attack and potentially let my data out,

[00:04:56] I will be much less inclined to be doing business with them in the future because they perhaps didn’t put the right technical standards in place to protect something that was quite precious to me, like my credit card details or something like that. And again, I think the same goes across business to businesses.

[00:05:12] And then finally if you take all those three dimensions into play, there’s a fourth one, which is the financial returns. So the potential cost savings are potentially risk mitigated savings as well. You could look at, from the cyber risk management, from doing it properly, there’s also

[00:05:30] a better brand image or potentially a competitive differentiation relative to, say, attacks. Again, like the one I mentioned with the logistics company,

[00:05:39] where if customers can get, say their mail or their parcels delivered to where they want them to, because the logistics company has lost their information or had it deleted, then they’re going to take their business elsewhere, and there’s no guarantee they’ll ever go back to the previous company that had been impacted.

[00:05:58] And also, having that consciousness or culture around cyber risk management within organizations and awareness, particularly around those phishing scams and those emails that come in, should lead to better decisions being taken across the whole organization, going forward, which again, will drive better financial returns into the future.

[00:06:16] So if there’s a case of evaluating an investment in and hiring more salespeople to drive more sales, so you plant or equipment to drive a better operational productivity or your. Whether or not the money should be set aside in cyber risk management. At least you’ve got four dimensions now to perhaps consider thanks to Kip,

[00:06:35] and I thought it was important to share those with you today on these Monday, on this Monday memo.

[00:06:40] And that’s why we invite guest mentors like Kip onto the show to share with you their key learnings, their insights, the knowledge that they’ve distilled over the years into useful ways for us to, to leverage. That’s why helping them deconstruct it for us and so usable format so we can follow it and use it and apply.

[00:06:59] It allows us to turn that knowledge into wisdom that all of us can benefit from

[00:07:04] sort of Hope you enjoyed this week’s episode. If you did, please remember to share with your friends and colleagues. You can subscribe on all the major platforms, iTunes, Stitcher, SoundCloud, YouTube, Spotify, and Amazon Music. And as always, we really appreciate you tuning in today. So until next time, take care of yourself, stay safe and let’s keep on building our strength in the numbers.


