Operational resilience

by Mark Rowe

Regardless of sector, businesses should use the recent recommendations from the financial services regulator, the Financial Conduct Authority (FCA), and the Bank of England (BoE) to improve operational resilience, according to Peter Groucutt, managing director of Databarracks, a business continuity and IT disaster recovery provider.

The FCA and the Bank issued a discussion paper aimed at financial services, covering the operational resilience of firms and financial market infrastructures (FMIs). Groucutt says: “The financial sector leads in business continuity best practice. It is well regulated and requires high levels of uptime. The best practices introduced by the sector are often taken and more widely adopted by other industries. Our recent Data Health Check research, which surveyed over 400 IT decision-makers, revealed 64 per cent of financial firms have tested their disaster recovery processes in the last 12 months compared to only 47 per cent amongst other industries.

“Banks and FMIs have recently been in the headlines due to TSB’s problematic systems upgrade and Visa’s network outage. The BoE and FCA have issued the paper to generate debate and understand what can be done to reduce operational disruption. But many of the challenges it highlights are broadly applicable beyond just the financial sector.

“All organisations are dealing with growing cyber incidents and cost pressures. All organisations have increased customer demands for accessibility and speed of transactions. All industries are facing disruption by AI and distributed ledger technologies. The challenges and questions the BoE and FCA raise are relevant to all industries. The report provides sound advice for firms to take on board regardless of whatever industry they operate in.

“Notably, setting board-approved impact tolerances is an excellent suggestion. This describes the amount of disruption a firm can tolerate and helps senior management prioritise their investment decisions preparing for incidents. This is fundamental to all good continuity planning; particularly as new technologies emerge, and customer demand for instant access for information intensifies. These tolerances are essential for defining how a business builds its operational practices. It’s something that needs to be regularly reviewed and tested as tolerances change.

“Focusing on business services rather than systems is a good recommendation and one we strongly agree with. Designing your systems and processes on the assumption that there will be disruptions – but ensuring that you can continue to deliver business services is key.

“It’s also pleasing to see the report highlight the increased concentration of risk due to a limited number of tech providers. This is particularly prevalent in the financial sector for payment systems, but again there are parallels for other industries and technologies. In cloud computing, for example, we’re reaching a state of oligopoly, with the market dominated by a small number of key players. For the end-user, it can lead to a heavy reliance on a single company. This poses a significant risk to your organisation. Yes, these public cloud services allow you to build resilience in by using multiple locations and regions, but you should also aim to limit single-supplier risk.”

© 2024 Professional Security Magazine. All rights reserved.