Last month, drug maker Dr Reddy’s, which is in the Covid-19 vaccine race, faced a scary cyber attack. In fact, during the pandemic, cyber attacks on companies have gone up as ‘work from home’ scenarios have increased vulnerabilities. Life Sciences and financial firms face growing risk.
This is why the role of the Chief Risk Officer (CRO) will assume huge importance in the new way of working. And this will be a role quite different from the current one wherein the CIO doubles up as the CRO, says Shree Parthasarathy, Deloitte India’s National Leader for cyber risk and security.
As he points out, “The whole gamut of controls have gone for a toss with the ‘work from anywhere’ landscape. Operating models have changed.”
Four big changes
The four big changes, if you peel the layers, are the employee, the facility, the technology and the process, he says. In the new way of working, how do you ensure that the new candidate you have on-boarded virtually has imbibed the culture of the organisation? As for the facility, now that it has moved from the office to the café, the home, or even the resort, how do you ensure it is secure? Monitoring technology in the remote way of working will have to be different as the old ways of providing access may not be adequate. And, finally, the process and control too will change.
However, if you look at the governance structures, the employee comes under the purview of the CHRO, the second would come under the facilities head, the technology is the CIO’s department, and the fourth could be the compliance officer’s responsibility.
So either you have a CRO whose responsibility includes parts of all four, or you could have a committee overseeing risks. Different structures and models will emerge in different companies. But Parthasarathy says that in the education space, at least, the demand for a CRO has gone up.
A valid point made by Parthasarathy is that in the event of a cyber attack, most employees do not know how to respond, or whom to call. Unlike a health emergency or a theft case, where you have emergency numbers you can instantly dial, cyber crimes don’t have a national hotline. Perhaps, it is time for one.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.