Bob Kolasky

60 seconds with Bob Kolasky

"Cyber risk management’s future must be intertwined with overall enterprise risk management practices."

Digital transformation continues to revolutionize the financial services industry, creating efficiencies and product innovation as well as radically changing the operational risk ecosystem. Critical infrastructure risk specialist Bob Kolasky offers his advice on rethinking supply chain risk, managing the threats introduced by critical software and hardware, and taking a broader view of enterprise risk management.

 

What’s keeping you awake at night?

I always like to reframe this question in terms of what is getting me out of bed in the morning. In this case, the risk that I am most motivated to address is supply chain risk that comes from intentional and unintentional flaws and vulnerabilities in hardware and software. Entities rely so heavily on digitalization and connectivity for business success, and if they cannot trust that the critical software and hardware they rely on isn’t introducing significant new risk to their operations, then they are unduly exposed. Securely designed, developed, and maintained software and hardware is essential, but it remains hard to have full visibility of suppliers and confidence in the security of products.

How do you envisage the future of cyber risk management?

Cyber risk management’s future must be intertwined with overall enterprise risk management practices. Cyber risk needs to be viewed as a fundamental risk to the success and operations of any entity and treated as such. This, of course, means involvement of the entirety of the C-Suite and Board-level oversight. What I also hope, however, is that cyber is not just treated as a risk to be managed -- or transferred -- but as a risk to be mitigated. Governments are increasingly demanding enhanced security, and developing real outcome-based metrics associated with cyber risk is crucial.

What advice would you offer to organisations rethinking their approach to cyber risk management?

Don’t overcomplicate things. Develop a framework for evaluating the most crucial parts of your enterprise and their exposure to cyber risk and set priorities when criticality and technology overlap. There are tools out there to address those priorities at this point and the most important thing is aligning priorities to investment and tracking outcomes. This needs to be a continuous process and there needs to be a way to ensure spend creates results.

Join Bob as he discusses third-party risk management as a crucial part of the cyber risk puzzle at the upcoming Cyber Risk Summit Boston (April 13).