10 good practices for implementing third-party risk management
Risk Elephant
by Editorial Office
2y ago
In its latest Global Risk Report (2022), the World Economic Forum highlighted the increased risk of supply chain disruptions as businesses increasingly outsource critical processes to third parties and continue to digitize physical supply chains. As stated in the report: “The digitalization of physical supply chains creates new vulnerabilities because those supply chains rely on technology providers and other third parties, which are also exposed to similar, potentially contagious, threats.” Therefore, managing third-party risk is becoming more important than ever. In this article, we will out ..read more
What is a cyber crisis?
Risk Elephant
by Editorial Office
2y ago
This article is the first in a series on cyber crisis and cyber crisis management. In this article, we explore the definition of a cyber crisis, present two different perspectives and discuss to what extent a cyber crisis is different from other crises. What is a cyber crisis? Let’s start with a short and simple definition. A cyber crisis is a high-impact, low-probability event that is triggered by a cyber threat or incident. This definition is divided into three parts: (1) rare event, (2) high impact, (3) triggered by a cyber threat or incident. But what exactly are cyber threats and cyber incidents? The ..read more
What is the value of risk reports for crisis management?
Risk Elephant
by Editorial Office
2y ago
Two weeks ago the World Economic Forum (WEF) published the 2022 version of its Global Risk Report. This report identifies global risk perceptions among risk experts and world leaders in business, government, and society. This article explores how crisis management capabilities can benefit from this and similar reports. What are risk and threat horizon scan reports? Several institutions publish a threat or risk report annually, of which the Business Continuity Institute (BCI) and the World Economic Forum (WEF) are the best known and most respected. Two weeks ago, the latter released its Global ..read more
How to implement third-party risk management? (Part 2)
Risk Elephant
by Editorial Office
2y ago
In part 2 of this tutorial, you learn a 6-step approach for implementing third-party risk management (TPRM) within your organization. This article focuses on third-party prioritization, due diligence, and risk monitoring. Third-party risk management is about managing risks introduced by 3rd parties. In part 1 of this article, we defined third-party cyber risk management as a management process aimed at protecting your organization against all sorts of risks introduced by third parties. Nowadays, almost every organization is exposed to third-party risks. For instance, if you run a physical store ..read more
How to implement third-party risk management? (Part 1)
Risk Elephant
by Editorial Office
2y ago
In this tutorial, you learn a 6-step approach for implementing third-party risk management (TPRM) within your organization. This approach can be used to manage any risks introduced to your organization by third parties, ranging from cyber to fraud and compliance risks. What is third-party risk management? Third-party risk management is defined as the management process of managing risks introduced to your organization by your organization’s vendors, suppliers, contractors, business partners, alliances, joint ventures, agents, etc. Basically, any outside actor that plays a significant part in ..read more
20 concepts every crisis manager should know
Risk Elephant
by Editorial Office
2y ago
This article presents 20 key concepts that should be in the imaginary 'backpack' of every crisis manager. FORDEC FORDEC is a model which can be used to structure crisis management decision-making, especially when there is sufficient time to make decisions. It stands for Facts (what is the problem), Options (what to do), Risks (what are the downside and upside of each option), Decide (choose the best workable option), Execute (implement decision) and Check (verify if the decision is implemented and works according to plan). Related is the OODA loop. OODA stands for Observe, Orient, Decide a ..read more
Do cybersecurity events affect stock prices?
Risk Elephant
by Editorial Office
2y ago
Security events can impact trust and reputation, but they can also have financial consequences. In this article, we discuss to what extent security events impact stock market prices of businesses. Cybersecurity events affect stock market prices In previous articles, we discussed evidence that shows that data breaches can be detrimental to customers’ trust and could have a positive or negative impact on the reputation of businesses. Yes, reputation can be improved when companies use the increased media attention that follows a data breach and demonstrate that they meet customers’ needs. But to ..read more
How can organizations regain customers' trust after a data breach?
Risk Elephant
by Editorial Office
2y ago
The evidence that a data breach can lead to a loss of customer trust is growing. This article sets out what we know about the relationship between data breaches, trust, and corporate reputation. It follows with a case study that shows how a data breach could influence trust. In the remainder of the article, we provide best practices for organizations on how they can regain customers' trust after a data breach. Definition of trust There are different definitions of the concept of trust. These definitions comprise at least two dimensions: the willingness to rely and the evaluation of the t ..read more
Top-10 essential risk management books (2022)
Risk Elephant
by Editorial Office
2y ago
Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Enterprise Risk Management 6th Edition by Paul Hopkin Are you looking for an introduction to risk management? You should consider this book. This fifth edition of Fundamentals of Risk Management is a comprehensive introduction to commercial and business risk for students and risk professionals. Providing extensive coverage of the core frameworks of business continuity planning, enterprise risk management and project risk management, this is the definitive guide to dealing with the different types of risk an ..read more
How to conduct a business continuity risk assessment?
Risk Elephant
by Editorial Office
2y ago
In this tutorial, you learn how to conduct a basic but meaningful risk assessment for business continuity management purposes. There are many approaches to conducting a risk assessment. The method described in this tutorial does not require in-depth risk management knowledge, is specifically designed for business continuity purposes and is ISO 22301 compliant. Risk Assessment according to ISO 22301 According to ISO 22301 (2019), the purpose of the risk assessment is “to enable the organization to assess the risks of prioritized activities being disrupted so that it can take appropriate act ..read more