Mike Trovato Ernst & Young: The Value Proposition for Organisational Resilience



Mike Trovato, Partner, Advanced Security Centre, Ernst & Young delivered this presentation at the 2013 Corporate Cyber Security Summit. The event examined cyber threats to Australia’s private sector and focussed on solutions and counter cyber-attacks. For more information about the event, please visit the conference website http://www.informa.com.au/cybersecurityconference

Published in: Technology, Business

  1. The value proposition for organisational resilience
     Corporate Cyber Security Summit
     Mike Trovato, Asia Pacific Security Leader
     13 November 2013
  2. Agenda
     ► Introducing our research
     ► Why Organisational Resilience (OR) has emerged
     ► Relationship of OR and management strategies
     ► Principal concepts and attributes of OR
     ► Cyber security and resilience
     ► Value of resilience for cyber security
     ► Summarising
  3. Introducing our research
     ► Critical Infrastructure Resilience Strategy (2010) led by the Commonwealth Attorney-General’s Department
     ► Strategic Imperative #2 – Develop an Organisational Resilience Body of Knowledge
     ► Research paper 1: CEO perspectives on organisational resilience (2012)
     ► Value proposition for OR for business and society needed
     ► 2012-13 research with the Commonwealth Attorney-General’s Department – ‘Organisational Resilience: The relationship with risk related corporate strategies’ (2013)
     ► Global Practice insights
     ► Extensive literature review
  4. Why Organisational Resilience has emerged
     ► Volatility of the economic and demographic environment
     ► Velocity of innovation and information
     ► Visibility into everything that organisations do
  5. Why Organisational Resilience has emerged: Economic & demographic volatility
     ► Financial uncertainty and instability
     ► Emerging middle class in developing markets
     ► Complexity of networks
     ► Scarcity / imbalance of resources / political instability
     ► Intensification of global competition
     ► Plans need to be aggressive but risk adjusted
  6. Why Organisational Resilience has emerged: Velocity of innovation and information
     ► Market awareness and responsiveness is crucial
     ► Speed to market
     ► Virtual world with access to information anywhere anytime
     ► Innovation is expected
     ► Brand movement
     ► 60% of global population with access to smart devices by 2030
     ► Knowledge of alternatives
     ► Need to be able to move quickly and carefully
  7. Why Organisational Resilience has emerged: Visibility into everything
     ► Unprecedented access to information
     ► Unrestricted global boundaries
     ► Global village causing blurred lines
     ► Visibility is global
     ► For the informed customer everything is contextual
     ► Sustainability
     ► Need to be authentic
     ► Accountability
     ► Reputation needs to be real and managed
  8. Why Organisational Resilience has emerged: The opportunity
     ► These forces create enormous opportunities and daunting challenges for government and business
     ► Risk and opportunities must be carefully balanced.
     ► Grow and profit/manage costs
     ► Protect performance
     ► Innovate continuously
     ► Optimise performance
     ► All these elements are uniquely combined in the organisational resilience approach. Unlike traditional approaches, OR balances these “protect”- and “perform”-focused approaches and strategies
  9. Why Organisational Resilience has emerged: The opportunity
     ► There are many strategies and approaches to select from which align with and support organisational resilience
     ► Selection of “perform” and “protect” focused strategies and approaches consistent with the organisational context – internal and external
     Figure 1: The Perform / Protect Matrix
  10. Relationship of OR and corporate strategies
     Figure 2: The domain of risks includes ‘foreseeable’ and ‘unforeseeable’ risks
     Figure 3: The Ernst & Young BCM Model
  11. Principal Concepts of OR
     Figure 4: Principal concepts of resilience (identified through research commissioned by the Commonwealth Attorney-General’s Department).
  12. Principal Concepts of OR
     ► Resist disruptive influences to Business As Usual
     ► React effectively when threats materialise
     ► Reshape internal and external environments for growth
     Figure 5: Resist, React, Reshape – core components of OR.
  13. Value of OR in practice
     Figure 6: Four key attributes of OR.
  14. 2013 EY Global Information Security Survey: Clients are moving in the right direction
     Diagram axes: Awareness (Know / Don’t know) and Behavior (Reactive / Proactive)
     ► Improving – their defences for cyber attack
     ► Expanding – taking bolder steps
     ► Innovating – continuously review, rethink and potentially redesign their security framework
     Source: EY Global Information Security Survey 2013
  15. Cybersecurity and resilience: Awareness of cyber threats propels improvements…
     The leaps that organizations are making:
     ► Organizations are investing more in information security
     ► Organizations are shifting their focus from operations and maintenance to improving and innovating
     The steps that organizations still need to take:
     ► Information security departments are still feeling the pinch
     ► Despite the security improvements organizations have made, many remain exposed
     Source: EY’s Global Information Security Survey 2013
  16. Cybersecurity and resilience: Threats continue to increase, driving bolder actions
     The leaps that organizations are making:
     ► Organizations demonstrate alignment among strategies and drivers
     ► Efforts to improve cyber security programs are growing
     The steps that organizations still need to take:
     ► A lack of alignment in other critical areas is still too common
     ► Threats are growing too, often at a faster pace
     Source: EY’s Global Information Security Survey 2013
  17. Value of OR in practice: Resilience & Cybersecurity – bringing it together
     Business As Usual
     • Resilience leadership: Commits to continuous improvement and resilient practices for BAU
     • Resilience culture: Commitment to excellence and efficient operations at the micro level. Mindful work
     • Change readiness: Avoids shortcuts, adapts to minor changes and failures of process, detects anomalies
     Change and adapt
     • Resilience leadership: Continuous, visible top-level non-routine crisis management
     • Resilience culture: Motivated actions by committed individuals
     • Resilience partnerships: Collaboration to solve technical problems and respond to disaster
     Shape the environment
     • Resilience leadership: Long term adaption / complex adaptive systems
     • Resilience culture: ‘One-in, all-in’ enthusiasm for challenge, innovation and risk taking
     • Change readiness: People who innovate through trust and teaming.
  18. Summarising
     ► Organisational Resilience meets the needs of businesses that must:
        ► Focus on taking risks intelligently in a world of increasing volatility, velocity, and visibility
        ► Must be organisationally ‘ambidextrous’ – must innovate for growth while protecting operations
        ► Rely on the committed, focused capabilities of all team members to achieve long term prosperity and success
     ► Organisational Resilience is an outcome not a system. This means:
        ► It complements proven risk management methodologies
        ► Leverages new and existing strategies to drive agile responses to threat and opportunity, wherever it occurs.
  19. AG Organisational Resilience; EY 2013 Global Information Security Survey
  20. Thank you