Tech supplier concentration increases risk of downtime - Control Risks

Control Risks released their predictions for the top business risks for 2025, calling out Digital Concentration Risk as companies outsource their specialist IT services to external providers, such as cloud and security. “The concentration of risk in centralised technological ecosystems in a worsening threat landscape will be a top risk for organisations in 2025.” Global technology disruptions such as the July 2024 Crowdstrike outages shows how human error or system misconfigurations can create a correlated industry-wide impact to customer organisations. And as these companies pass control to external tech vendors, they may be losing the in-house skills needed to respond to future incidents and outages. ...

December 8, 2024 Â· 1 min Â· Graeme

Cyber Resilience Assessment Framework 2.0 (HKMA)

Context For technology and risk professionals working within Hong Kong’s banking sector, the C-RAF is the inevitable baseline for cyber compliance. Understanding its structure is not just a regulatory requirement for the institution, but a core competency for those managing governance or operational risk. This note outlines the framework’s architecture and the regulator’s expectations. The Cyber Resilience Assessment Framework (C-RAF) is the mechanism by which the Hong Kong Monetary Authority (HKMA) measures the cyber maturity of Authorised Institutions (AIs). ...

2 min Â· Graeme Milroy

Cyber Resilience Frameworks: From Defence to Continuity

Context For the technical specialist transitioning into management, the governance landscape can appear broad and fragmented. However, distinguishing between mere security controls and broader resilience is a fundamental competency for the modern leader. This article outlines the primary frameworks available to the Cyber practitioner, helping you select the appropriate structure to support both operational stability and regulatory compliance. It is no longer sufficient to focus solely on securing the organisation. The current operating environment requires a shift towards Cyber Resilience. ...

4 min

Digital Operational Resilience Act (DORA)

The EU Digital Operational Resilience Act (DORA) aims to ensure the resilience of digital services in the financial sector and prevent and mitigate cyber threats. Further reading Digital finance: Council adopts Digital Operational Resilience Act | European Council Operational Resilience: It’s a global issue | The International Banker Operational resilience in the UK, EU and US: A comparison | White and Case Operational Resilience | Herbert Smith Freehills Principles for Operational Resilience | BIS The EU’s Digital Operational Resilience Act for financial services | Deloitte Introducing the Digital Operational Resilience Act | PwC Related pages Operational Resilience OR-2 | HKMA

1 min

Single Point of Failure

A single point of failure, in the context of operational resilience, can be defined as a component that, if it fails, will cause the entire system to fail. This makes it a critical vulnerability that needs to be remediated to ensure the availability and reliability of the system overall. Further reading Single Point of Failure - Wikipedia

1 min