iTWire: With the COVID-19 impact on us all, how has the risk landscape changed?
Pullen: As is the case with any crisis, it doesn't take long for malicious actors to get to work looking to take advantage of the unforeseen vulnerabilities that the pandemic has exposed.
iTWire: So, I assume there was a quick response…
Pullen: COVID-19 has undoubtedly forced businesses to adapt and adopt new processes and protocols far quicker than they would normally be expected to. With that in mind, organisations are forced to rethink their approach and are forced to commit resources as risk management has become more expansive and department-agnostic. The need for public health and safety updates at the global, national and municipal level in real time across functions has become business critical.
In addition to managing operational resilience in the "current normal," businesses are also assessing post-COVID business continuity planning and the tech-enabled steps that are required for success in the next reality.
iTWire: Are you suggesting there is no real 'correct' answer?
Pullen: Between reimagining the workforce with employees' increased appetite for remote working and keeping a pulse on the evolving, global economic environment, businesses now have to think critically about how they manage the new, ever-expanding risk landscape.
Obviously, no one has all the answers specifically, but the likelihood of businesses being able to manage this and act with confidence will depend on them having access to the right information in real time.
iTWire: Clearly, this will have some kind of ending… What will our environment look like when we all start to emerge from our 'cocoons?' What will the new normal be like? How different to the old normal will it be?
Pullen: This is the million-dollar question currently, with almost every business leader across the globe wondering the same thing. There are a number of different proposals being put forward - from looking at hybrid systems to staggered start times and shorter weeks.
iTWire: So, what's next?
Pullen: Times of crisis can drive innovation and this could be in the form of offices of the future being accelerated into use today - monitoring social distancing or voice commands to avoid touch, there will certainly be new practices and new risks to be considered for businesses and their own risk threshold and tolerance.
iTWire: So, from a risk perspective, what impact will an increase in work-from-home have?
The biggest issue from a risk perspective with employees working from home is undoubtedly IT security. Chief information-security officers (CISOs) and cybersecurity teams are now largely relied upon to manage the dual mission of supporting and protecting business continuity from a digital standpoint while also safeguarding employees and customers.
iTWire: VPNs, I assume…
Pullen: The level of cyber protection is often not suitable without the company VPN. With the majority of cyber breaches being a result of human error or compromised user credentials, it puts greater emphasis on employees. In the necessary rush for many companies to deploy remote working, security was unfortunately, an area that was often overlooked.
iTWire: so, will we be lovely new butterflies or the same old grubs?
Pullen: From an optimistic standpoint, there is an opportunity for businesses to rethink processes that may have seemed unthinkable a few months ago. This is the moment for dynamic and effective leadership. Leading decision-makers will shift from a dated day-to-day routine to looking to embrace new technologies and practices that can help future proof their business.
iTWire: So, it seems you're suggesting the grub is still in the chrysalis. I'm wondering though, how has risk evolved in the past decade? From a risk management perspective, who are the winners and the losers?
Pullen; The biggest change within risk management in the last few years is that progressive organisations are becoming far less siloed. Given that the surface area of risk has widened with the adoption of new technologies and elevated communication platforms, organisations are beginning to appreciate that they need to adopt proactive and collaborative measures to prepare for the unknown. Crucially, these measures involved not only those tasked with "risk management" in their job titles, but every team that is expected to mobilise in a crisis to ensure business continuity. For "winners", risk is now a collective responsibility within businesses.
iTWire: …and the losers?
Pullen: We can't truly label anyone 'winners and losers' considering that there certainly are far more unforeseen risks that can affect businesses in the post-COVID era that can have a substantial impact. You only have to look at the first half of this year in Australia to see how events can wreak havoc on businesses and how a number of organisations have been proven to be under-prepared to manage such issues.
The 24/7 news cycle and age of social media, blogs, podcasts and the array of platforms that now exist means that businesses need to be extremely well prepared when it comes to potential crises. Crisis preparedness is the new competitive advantage and has become a higher priority within businesses.
iTWire: With all that in mind, has COVID-19 simply accelerated the change, or taken it in a new direction?
Pullen: Both. While some crises may affect one or the other, this pandemic has forced organisations to pivot and evolve quickly in ways they likely never imagined. For example, we've seen organisations prioritise the adoption of certain technologies such as real-time data and restructure risk management from one team to dispersed responsibilities across functions.
iTWire: Dragging out your crystal ball, what does the future hold? Where are we going?
Pullen: As the surface area of risk widens, we will continue to see the responsibility for risk management more dispersed across organisations - not a siloed function. The potential impact a poor and/or disjointed risk management strategy, or lack of one, could have on a business is far too great for the responsibility to sit with one person or team.
We'll also see companies taking a more aggressive look at 'must have' technologies, for example. Communications tools, AI platforms and so on, versus 'nice to have' technologies. We've witnessed the gross importance for enterprises to have access to real-time data in the last six months -- I don't foresee that changing as the risk landscape continues to grow.
iTWire: So, finally, who is in control of this future?
Pullen: I mentioned earlier that we will start to truly see defining qualities of effective leadership across functions. It's these forward-thinking leaders that appreciate the core values of risk management that will continue to shape and protect their companies' future.
iTWire: Thanks for your time today.
Pullen: Thank you.