Society is currently witnessing a time of constant change that shapes the way each of us behaves as individuals in society. It is likely that, in the future, our time will be studied as the point at which the contemporary age gave way to the new digital era. The catalysts of this change are new technologies. In recent years, they have been changing the behavior, habits, customs and even the social rules we follow as individuals.
However, unlike past inventions or technologies, these new technologies are being assimilated faster and more simply by the average person. As a result, most companies have to quickly adapt their services and products to their users’ demand for technology. Consequently, new technologies are expanding and consolidating quickly.
At the moment, all companies base their operational models on technology. Their processes are no longer a series of people, systems and information that interact to make companies work. Just like companies can’t work without people, they can’t work without technology. However, even though it is very unlikely that an event may threat everyone in a company, the risks that can affect technology as a whole are a constant presence in our midst.
Also, in our hyperconnected world, these risks can move across borders as quickly as the systems communicate among themselves . This means that the risks to which a company is exposed in a specific corner of the world may quickly affect other companies and spread to the digital ecosystem, resulting in a systemic failure.
In turn, companies and governments are fully responsible for current well-being since this is based on the services they provide. As a consequence, both companies and governments must define strategies for managing technology risks in view of protecting their correct operation. These strategies must address the following:
• Preventive measures: that reduce the likelihood of security incidents. This includes implementing technical measures such as firewalls, antivirus, protection systems against advanced attacks, pen tests, security patches, etc. And non-technical measures such as security methodologies and architectures, redundant systems, access management in applications, etc.
• Reactive measures: that limit the impact of a security incident on an organization. These measures include security incident response teams that watch an organization’s networks and systems and act when necessary. Or preparing of drills or crisis scenarios, or business continuity plans.
• Organizational measures: that coordinate technical and non-technical measures and reactive and preventive measures and align them with the company’s circumstances and situation, sector and clients, shareholder requirements and role in society.
As with all risk scenarios, insurance is a key element in supporting organizations. However, it does not act as a mere risk transfer tool. It helps to balance and ensure the consistency of the measures adopted by companies, supports their sustainability and evolves with the risks they face.
By Daniel Largacha Lamela, MAPFRE Corporate Security and Environment Area.