People@Work

The growing role of the Chief Risk Officer

Chitra Narayanan | Updated on November 04, 2020 Published on November 04, 2020

Hacker using laptop. Hacking the Internet.   -  scyther5

Is it time to have a national hotline for cyber crimes too?

Last month, drug maker Dr Reddy’s, which is in the Covid-19 vaccine race, faced a scary cyber attack. In fact, during the pandemic, cyber attacks on companies have gone up as ‘work from home’ scenarios have increased vulnerabilities. Life Sciences and financial firms face growing risk.

This is why the role of the Chief Risk Officer (CRO) will assume huge importance in the new way of working. And this will be a role quite different from the current one wherein the CIO doubles up as the CRO, says Shree Parthasarathy, Deloitte India’s National Leader for cyber risk and security.

As he points out, “The whole gamut of controls have gone for a toss with the ‘work from anywhere’ landscape. Operating models have changed.”

Four big changes

The four big changes, if you peel the layers, are the employee, the facility, the technology and the process, he says. In the new way of working, how do you ensure that the new candidate you have on-boarded virtually has imbibed the culture of the organisation? As for the facility, now that it has moved from the office to the café, the home, or even the resort, how do you ensure it is secure? Monitoring technology in the remote way of working will have to be different as the old ways of providing access may not be adequate. And, finally, the process and control too will change.

However, if you look at the governance structures, the employee comes under the purview of the CHRO, the second would come under the facilities head, the technology is the CIO’s department, and the fourth could be the compliance officer’s responsibility.

So either you have a CRO whose responsibility includes parts of all four, or you could have a committee overseeing risks. Different structures and models will emerge in different companies. But Parthasarathy says that in the education space, at least, the demand for a CRO has gone up.

A valid point made by Parthasarathy is that in the event of a cyber attack, most employees do not know how to respond, or whom to call. Unlike a health emergency or a theft case, where you have emergency numbers you can instantly dial, cyber crimes don’t have a national hotline. Perhaps, it is time for one.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on November 04, 2020
This article is closed for comments.
Please Email the Editor