Transcript

Hello, this is Kevin Donahue with Protiviti welcoming you to a new edition of Powerful Insights and our series on cyber security awareness. Protiviti has a series of webinars on cyber security awareness that, along with these accompanying podcasts, are intended to highlight ways organisations can be proactive in addressing these critical security challenges. We explore how leaders can dynamically build cyber resilience while maximising value. In this series, I’m happy to be talking with our cyber security leaders who are speaking on our webinars and are in the market working with organisations addressing these challenges. Our webinars and other content on security and such are available at protiviti.com/security, which we invite you to visit and peruse.
With that, I’m happy to introduce my guests today. They are Andy Retrum and Doug Wilbert. Andy is a Managing Director with the Security and Privacy practice of Protiviti based in Chicago, while Doug is a Managing Director with our Risk and Compliance practice, and he’s based in New York City.
Andy, Doug, great to speak with you today.



Andy and Doug, I’m going to ask you the same question. Let’s start off with a bit of a fun question here. Andy, how would your parents describe what you do for a living?


That sounds pretty familiar with what we’re hearing from our other experts too. Doug, how about you? How would your parents describe what you do?

I would say help financial institutions - they would just say banks because I don’t think they can discern the difference between them - when they get in regulatory trouble or help them avoid regulatory trouble as well.

Fair enough. That is very clear. Doug, you’re focused in the market on this area of operational resilience. Why is that field so important? Maybe start off with explaining what you see that to be.


Thanks, Doug. Andy, turning to you, what do you see as some of the common myths in this field of operational resilience?


Doug, building off of Andy’s rundown there, he mentioned there’s a broad lens that organisations have to take with regard to operational resilience. With everything they’re looking at in this realm right now, what do you see as the biggest challenge or some of the biggest challenges facing organisations and your clients right now?


Andy, I’m guessing my next question is related to Doug’s explanation there which was pretty thorough. When you’re talking to companies, what’s the one question you’re asked about most often, the kind of question among companies that are interested in operational resilience, and how do you answer that?


Doug, let me ask you this, big picture. With respect to operational resilience and everything that’s going on with it, inquiries and even through the regulatory side worldwide, what are you most curious about right now?


Hear, hear. Doug’s not alone in the curiosity around the pending regulations. I think many of us are in that same boat right now.

Let me ask you one final question here as we wrap things up. Andy, I’ll ask you to respond first but Doug, you can chime into this. Concerning these issues around operational resilience and what organisations are doing, what would you say is the most important step or the first step an organisation should take to start addressing them?

Sure, Kevin. I think in order to build resilience into the business services that you provide, and furthermore, test it and all those things, you need to have a clear understanding of what those services are and what the critical path of processes, systems and third parties are for that service. It sounds like a straightforward question, but it’s much harder to answer in many enterprises where you’ve got hundreds or thousands of business processes and the same amount of systems and you’ve got key third parties that are playing a role. In order to really build resilience, you need to have a clear understanding of what makes up a business service. That critical path - we sometimes call it front-to-back mapping of those services - is kind of a key foundational component of building resilience into it. So, I think if you’re just getting started along the path to resilience, that is one place that time should be spent.

