Quantification of cyber, ESG and operational resilience risk


MetricStream outlines several risk management trends and forecasts that companies should watch for in 2022.

The global integrated risk management (IRM) and governance, risk management and compliance (GRC) firm says the past 18 months have marked a turning point, with renewed interest among companies in reassessing their GRC capabilities under challenging conditions in an ever-changing market.

A recent Deloitte survey found that 84% of financial services firms in Asia Pacific aim to improve existing resilience plans, with 88% saying they conduct or plan to conduct frequent simulation exercises.

“Based on recent events, 2022 will usher in a distinct focus on risk management and resilience driven by three key drivers: cyber risk quantification with GRC, environment, social and governance (ESG), as well as operational resilience,” said MetricStream senior vice president and general manager, APAC, Aravind Varadharajan.

Cyber risk quantification

According to IDC, investment in security-related products and services is expected to grow at a five-year CAGR of 13.3% and reach US$35 billion by 2024 in Asia Pacific. This is due to the exponential increase in the sophistication of cybercrime. The numbers indicate that many companies are still using traditional or outdated processes to assess cyber risk.

“For too long, chief risk officers (CROs) and chief information security officers (CISOs) have been dependent on heatmaps or high/medium/low risk scores to measure risk,” says Varadharajan. “Going forward, companies should integrate a full suite of digital GRC tools to measure impact in quantifiable terms.”

MetricStream believes that many companies will likely phase out traditional risk assessment measurement tools in 2022 and instead adopt advanced cyber risk quantification tools for accurate measurements of a company’s risk appetite by assigning monetary value. These tools can allow the company to measure, manage and see risks in a holistic way in order to obtain valuable information. With this knowledge, risk and security professionals can justify investments to management and board members in quantifiable terms.

Environment, social and governance

ESG is becoming increasingly important for many companies across all sectors in the region. According to the 11th annual EY/IIF Global Banking Risk Management Survey, 100% of Asia-Pacific CROs recognize climate change as a top risk requiring their utmost attention, compared to 49% globally. By comparison, European organizations widely touted as leaders in ESG action have resorted to client abandonment to avoid ESG risk costs.

Companies need to incorporate an element of ESG risk management to overcome its cost, and this is an emerging area of governance, risk and compliance (GRC). In 2022, MetricStream indicates that implementing an ESG-compliant GRC strategy will take priority among companies to accurately measure and report ESG scores.

Operational resilience

Businesses that weather the storm in an ever-changing environment do so by having plans in place ahead of the next crisis. Spearheading this movement, authoritative bodies in the region have started to embrace operational resilience requirements within the financial sector with numerous regulations and guidelines.

According to MetricStream, adopting an effective GRC strategy to streamline data from various sources across the enterprise ensures that leaders will be on the right path to managing, accepting, and ultimately thriving through risk in 2022.

