Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Preparing for the unexpected may be a contradiction in terms, but for financial firms it is essential for survival. The sector has long been a target for threat actors, given that this is where the world’s money is. And as the financial ecosystem becomes increasingly interconnected, threats to its security and resilience are rapidly evolving and increasing.

Operational resilience is not just about responding with agility to risks but also about maintaining continuity of operations with minimal or — even better — no disruptions. So, whereas cybersecurity is about preventing and defending against cyberattacks, resilience focuses on sustaining operations despite attacks.

Recognizing the necessity of operational resilience, regulators are emphasizing the need to be prepared for unforeseen incidents. A prominent example is the EU’s Digital Operational Resilience Act (DORA), which provides a framework for the finance industry to detect, prevent, contain, and recover from attacks associated with information and communication technology (ICT).

Operational Resilience: Beyond Business Continuity

Keeping a business running is not a new concept. Business continuity management and disaster response are well-developed functions within financial firms. But while business continuity focuses on ensuring smooth handling of disruptions when they occur, operational resilience goes beyond that. It is a proactive approach to ensuring reliability of digital systems no matter what happens. This sense of reliability is critical to maintaining public trust in the global financial system.

Operational resilience is by no means easy to achieve. However, there are definite steps that firms can take to begin their journey. The first step is to get a holistic view of the risk landscape: a comprehensive assessment of operations, interconnections, and continuity requirements. Once this is done, the fundamental principles of operational resilience can form the building blocks of a future-ready strategy, depending on the size, complexity, and role of your organization in the overall financial ecosystem.

Here’s what an action plan might look like:

Identify Internal and External Risks

Put a Response Strategy in Place

Be Ready to Take Action

Becoming Future-Ready in a Globalized World

The financial sector is better able to navigate an increasingly complex world with a proactive approach to operational resilience. Operational resilience helps reduce the cost of disruptions, improve resource allocation efficiency, and ensure agility in responding to emerging market opportunities. It is critical to maintaining, and indeed enhancing, customer trust and loyalty in a world where cyber incidents are daily front-page news. And of course, regulators are demanding it.

No firm can achieve operational resilience purely on its own. Intelligence sharing within the global financial community helps firms understand current and emerging threats and learn how others are mitigating them. It keeps larger institutions at the forefront of cybersecurity while arming smaller firms with knowledge and tools to protect themselves. It is so critical to operational resilience that DORA dedicates an entire article to it.

Beyond regulation, the public sector is also increasingly collaborating with the private sector to protect critical infrastructure, which includes the financial sector. Around the world, programs such as the US Treasury Department’s Hamilton Series and NATO’s Locked Shields regularly conduct large-scale exercises to test that communication and coordination channels will function efficiently during major incidents. The goal is not only to minimize operational disruption but to proactively maintain public calm and trust.

Operational risks are no longer geographically bound. Cross-border intelligence sharing and exercises help financial institutions build a comprehensive approach to operational resilience. Being prepared for the unexpected not only enables you to act from a position of confidence and strength but also fosters the stakeholder trust and confidence necessary for long-term business success.