Emerging IT Risks: Insights from German Banking
- PDF / 412,652 Bytes
- 28 Pages / 481.89 x 694.488 pts Page_size
- 26 Downloads / 216 Views
Emerging IT Risks: Insights from German Banking Simon Ashbya, Trevor Buckb, Stephanie No¨th-Zahnc and Thomas Peisld a
Plymouth Business School, University of Plymouth, Drakes Circus, Plymouth PL4 8AA, UK. E-mail: [email protected] b Adam Smith Business School, Glasgow University, Glasgow G12 8QQ, UK. E-mail: [email protected] c Edinburgh Napier University, Edinburgh, UK. E-mail: [email protected] d Am Stadtpark 20, 81243 Munich, Germany. E-mail: [email protected]
How do German banks manage the emerging risks stemming from IT innovations such as cyber risk? With a focus on process, roles and responsibilities, field data from ten banks participating in the 2014 ECB stress test were collected by interviewing IT managers, risk managers and external experts. Current procedures for handling emerging risks in German banks were identified from the interviews and analysed, guided by the extant literature. A clear gap was found between enterprise risk management (ERM) as a general approach to risks threatening firms’ objectives and ERM’s neglect of emerging risks, such as those associated with IT innovations. The findings suggest that ERM should be extended towards the collection and sharing of knowledge to allow for an initial understanding and description of emerging risks, as opposed to the traditional ERM approach involving estimates of impact and probability. For example, as cyber risks emerge from an IT innovation, the focus may need to switch towards reducing uncertainty through knowledge acquisition. Since individual managers seldom possess all relevant knowledge of an IT innovation, various stakeholders may need to be involved to exploit their expertise. The Geneva Papers (2018). https://doi.org/10.1057/s41288-018-0081-8 Keywords: cyber risk; emerging risks; enterprise risk management Article submitted 14 May 2017; accepted 23 January 2018;
Introduction Cyber risks are on the increase, especially as a result of IT innovation—a key driver of business progress in most industries that inevitably brings significant emerging risks as well as potentially profitable opportunities.1 Although not entirely new, the pace and impact of IT innovation and its implications have accelerated recently,2 with emerging cyber risks becoming a major concern.
1 2
Ali et al. (2014); Bhargava (2014); COSO (2017); Roland Berger (2015). Price and Adams (2015).
The Geneva Papers on Risk and Insurance—Issues and Practice
Many industries that were until recently relatively stable and safe now face disruptive IT innovations, e.g. the taxi industry (Uber) and hotel accommodation (Airbnb). Similarly, banking has been disrupted by new payment services (e.g. Google Wallet), peer-to-peer lending, crowd-sourced equity funding, and digital currencies.3 In the insurance sector, IT innovations include technologies such as big data and telematics on the underwriting side and mobile apps and comparison sites in terms of supply. IT innovations create significant strategic risks for established organisations, threatening their ma
Data Loading...
