Organisational Resilience: Compliance Risk Strategy for 2023

There are a number of updates to regulations that will impact organisations in 2023. They will create new requirements for businesses to follow, new areas of risk, and more money and time spent adjusting to these changes.

Compliance strategies help cement trust in professional partnerships and vendor relationships. Whether organisations are trying to qualify for cyber insurance, or simply looking to obey the law and avoid fines, they are up against increasingly tough compliance measures. It is no longer sufficient to be compliant only once a year, scramble in the two weeks before the audit, and then forget about it for the rest of the year.

What compliance tech trends should IT management adopt as they build and refine their technology roadmaps?  

Let’s look at some regulatory and technology trends.

Regulations to Watch

European Union Digital Operational Resilience Act (DORA). The EU is applying regulatory pressure on the financial services industry with its Digital Operational Resilience Act (DORA). DORA is a “game changer” that will push firms to fully understand how their IT, operational resilience, cyber and third-party risk management practices affect the resilience of their most critical functions as well as develop entirely new operational resilience capabilities.

One key element that DORA introduces is the Critical Third Party (CTP) oversight framework, expanding the scope of the financial services regulatory perimeter and granting the European Supervisory Authorities (ESAs) substantial new powers to supervise CTPs and address resilience risks they might pose to the sector.

Germany’s Supply Chain Due Diligence Act (SCDDA). On January 1, 2023, the Supply Chain Due Diligence Act took effect. It requires all companies with head offices, principal places of business, or administrative headquarters in Germany – with more than 3,000 employees in the country – to comply with core human rights and certain environmental provisions in their supply chains. SCDDA is far-reaching and impacts multiple facets of the supply chain, from human rights to sustainability, and legal accountability throughout the third-party ecosystem. It will address foundational supply chain issues like anti-bribery and corruption diligence.

From 2024, the employee threshold will be lowered from 3,000 to 1,000. Switzerland, the Netherlands, and the European Union also have similar draft regulations on the books.

PCI DSS 4.0. Payment Card Industry Data Security Standard (PCI DSS) is the core component of any credit card company’s security protocol.  In an increasingly cashless world, card fraud is a growing concern. Any company that accepts, transmits, or stores a cardholder’s private information must be compliant. PCI compliance standards help avoid fraudulent activity and mitigate data breaches by keeping the cardholder’s sensitive financial information secure.

PCI compliance standards require merchants to consistently adhere to the PCI Standards Council’s guidelines which include 78 base requirements, more than 400 test procedures, and 12 key requirements.

Looking at how PCI has evolved over the years up to PCI 4.0, there is a departure from specific technical requirements toward the general concept of overall security.  PCI 4.0 requirements were released in March 2022 and will become mandatory in March 2024 for all organisations that process or store cardholder data.

The costs of maintaining compliance controls and security measures are only part of what businesses should consider for PCI certification. Businesses should also account for audit costs, yearly fees, remediation expenses, and employee training costs in their budgets as well as technical upgrades to meet compliance standards.

Tech Trend Changes

Zero Trust presents a shift from a location-centric model to a more data-centric approach for fine-grained security controls between users, systems, data, and assets. Zero Trust as a model assumes all requests are from an open network and verifies each request this way. PCI 4.0 does not mention Zero Trust architecture specifically, but it is evident that the Security Standards Council is going that way as a future consideration.

Passwordless authentication has gained a lot of attention and traction recently. Large tech providers such as Google, Apple, and Microsoft are introducing passwordless authentication based on passkeys. This is a clear sign that the game is about to change. Just as PCI DSS focuses on avoiding fraudulent activity, so do newer authentication approaches that verify and confirm identity.

Third-party risk management is quickly evolving into third-party trust management (TPTM), with the SCDDA creating a clear line in the sand for global organisations. TPTM is a critical consideration when standing up an enterprise trust strategy. Enterprise trust is a driver of business development that depends on cross-domain collaboration. It goes beyond cybersecurity and focuses on building trusted and lasting third-party relationships across the core critical risk domains: security, privacy, ethics & compliance, and ESG.

Final thought – Cyber Insurance in 2023

If some of these compliance drivers lead to a desire for financial protection, cyber insurance is one mitigation element of a strategy to address C-level concerns. But wait – this is not as easy as it used to be.

Five years ago, a firm could fill out a one-page cyber insurance application and answer a handful of questions. Fast forward to today’s world of ransomware attacks and other cyber threats – now getting insurance with favourable terms, conditions, pricing, coverage and low retention is tough.

Insurance companies prefer enterprises that are instituting robust security controls and incident response plans — especially those prepared to deep dive into their cybersecurity architectures and with planned roadmaps. In terms of compliance strategy development, there needs to be a risk-based approach to cybersecurity to allow an insurer to offer a favourable insurance option.

Moving into the AI Era – Microsoft Increases Investment in OpenAI

Microsoft’s intention to invest a further USD 10B in OpenAI – the owner of ChatGPT and DALL-E 2 – confirms what we said in the Ecosystm Predicts: Cloud will be replaced by AI as the right transformation goal. Microsoft has already invested an estimated USD 3B in the company since 2019. Let’s take a look at what this means to the tech industry.

Implications for OpenAI & Microsoft

OpenAI’s tools – such as ChatGPT and the image engine DALL-E 2 – require significant processing power to operate, particularly as they move beyond beta programs and offer services at scale. In a single week in December, the company moved past 1 million users for ChatGPT alone. The company must be burning through cash at a significant rate. This means they need significant funding to keep the lights on, particularly as the capability of the product continues to improve and the amount of data, images and content it trawls continues to expand. ChatGPT is being talked about as one of the most revolutionary tech capabilities of the decade – but it will be all for nothing if the company doesn’t have the resources to continue to operate!

This is huge for Microsoft! Much has already been discussed about the opportunity for Microsoft to compete with Google more effectively for search-related advertising dollars. But every product and service that Microsoft develops can be enriched and improved by ChatGPT:

  • A spreadsheet tool that automatically categorises data and extracts insight
  • A word processing tool that creates content automatically
  • A CRM that creates custom offers for every individual customer based on their current circumstances
  • A collaboration tool that gets answers to questions before they are even asked and acts on the insights and analytics that it needs to drive the right customer and business outcomes
  • A presentation tool that creates slides with compelling storylines based on the needs of specific audiences
  • LinkedIn providing the insights users need to achieve their outcomes
  • A cloud-based AI engine that can be embedded into any process or application through a simple API call (this already exists!)

How Microsoft chooses to monetise these opportunities is up to the company – but the investment certainly puts Microsoft in the box seat to monetise the AI services through their own products while also taking a cut from other ways that OpenAI monetises their services.

Impact on Microsoft’s competitors

Microsoft’s investment in OpenAI will accelerate the rate of AI development and adoption. As we move into the AI era, everything will change. New business opportunities will emerge, and traditional ones will disappear. Markets will be created and destroyed. Microsoft’s investment is an attempt for the company to end up on the right side of this equation. But the other existing (and yet to be created) AI businesses won’t just give up. The Microsoft investment will create a greater urgency for Google, Apple, and others to accelerate their AI capabilities and investments. And we will see investments in OpenAI’s competitors, such as Stability AI (which raised USD 101M in October 2022).

What will change for enterprises?

Too many businesses have put “the cloud” at the centre of their transformation strategies – as if being in the cloud is an achievement in itself. While cloud made applications and processes easier to transform (and sometimes cheaper to deploy and run), many businesses have just modernised their legacy end-to-end business processes on a better platform. True transformation happens when businesses realise that their processes only existed because of a lack of human or technology capacity to treat every customer and employee as an individual, to determine their specific needs and to deliver a custom solution for them. Not to mention the huge cost of creating unique processes for every customer! But AI does this.

AI engines have the ability to make businesses completely rethink their entire application stack. They have the ability to deliver unique outcomes for every customer. Businesses need to have AI as their transformation goal – where they put intelligence at the centre of every transformation, they will make different decisions and drive better customer and business outcomes. But once again, delivering this will take significant processing power and access to huge amounts of content and data.

The Burning Question: Who owns the outcome of AI?

In the end, ChatGPT only knows what it knows – and the content that it learns from is likely to have been created by someone (ideally – as we don’t want AI to learn from bad AI!). What we don’t really understand is the unintended consequences of commercialising AI. Will content creators be less willing to share their content? Will we see the emergence of many more walled content gardens? Will blockchain and even NFTs emerge as a way of protecting and proving origin? Will legislation protect content creators or AI engines? If everyone is using AI to create content, will all content start to look more similar (as this will be the stage that the AI is learning from content created by AI)? And perhaps the biggest question of all – where does the human stop and the machine start?

These questions will need answers and they are not going to be answered in advance. Whatever the answers might be, we are definitely at the beginning of the next big shift in human-technology relations. Microsoft wants to accelerate this shift. As a technology analyst, 2023 just got a lot more interesting!

The degree of Decentralization in DeFi

The Blockchain ecosystem relies on distributed ledger technology and its promise to make systems and processes cheaper, faster, inclusive, and permissionless. The use of the word “decentralised” has become central to advocacy discussions as well as daily conversations about digital assets. However, it is a loaded term that entails governance, economic, management, processing, and legal attributes. The degree of decentralisation across these attributes needs to be examined, clearly defined in a spectrum, and evaluated for the benefit of the current and the future participants of crypto networks as well as other stakeholders, including public policy makers and regulators.

What is decentralisation? How can we define the spectrum of decentralisation? How decentralised are the leading crypto networks right now? How are market forces impacting it? What are the main benefits of decentralisation in Decentralised Finance (DeFi)? What are the risks and vulnerabilities associated with decentralisation?

These were some of the themes discussed at an invitation-only ThinkTank session at the Singapore FinTech Festival 2022 hosted by Ecosystm and supported by Oliver Wyman:

  • DeFi is a very broad term and needs to be clearly defined. “Decentralised” is a spectrum with governance, economic, management, processing, and legal attributes for crypto networks.
  • To test the principles of decentralisation, an element of stress or concentration must be introduced, especially when technologies are still at a nascent stage.
  • There has been a growing interest in DeFi in the banking space, and leading institutions are building teams to better understand the technology and how they can apply it to their business models.
  • Along with institutional capital, transparency and trust are essential for progress. New technology comes with different risks, but finding the right balance between technology, processes, and security is key.
  • Regulators are open to working together as they are also struggling to keep up with the fast-moving industry. Conversations with institutions, regulators, and law enforcement agencies are vital to understand how to implement and regulate different innovations.

Download Report – The degree of Decentralization in DeFi

(Clicking on this link will take you to Oliver Wyman website where you can download the report)

Ecosystm Predicts: The Top 5 Trends for the Experience Economy in 2023

Customer experience (CX) is an integral part of a brand today – and excellence in CX is a moving target (think how tools such as ChatGPT can revolutionise communications and CX). Organisations will find themselves aiming for personalised CX across channels of preference, with convenience, empathy, and speed at the core.

Here are the top 5 trends for the Experience Economy for 2023 according to Ecosystm analysts Audrey William, Melanie Disse, and Tim Sheedy.

  • Organisations Will Focus on Building a “One CX Workforce”
  • AI Will Lead Voice of Customer Programs
  • Metadata Will Become Important
  • The Conversational AI Market Will Mature
  • Organisations Will Go Back to Focusing on Web Experience

Read on for more details.

Download Ecosystm Predicts: The Top 5 Trends for the Experience Economy in 2023 as a PDF

Ecosystm Predicts: The Top 5 Trends for Cybersecurity & Compliance in 2023

With organisations facing an infrastructure, application, and end-point sprawl, the attack surface continues to grow; as do the number of malicious attacks. Cyber breaches are also becoming exceedingly real for consumers, as they see breaches and leaks in brands and services they interact with regularly. 2023 will see CISOs take charge of their cyber environment – going beyond a checklist.

Here are the top 5 trends for Cybersecurity & Compliance for 2023 according to Ecosystm analysts Alan Hesketh, Alea Fairchild, Andrew Milroy, and Sash Mukherjee.

  • An Escalating Cybercrime Flood Will Drive Proactive Protection
  • Incident Detection and Response Will Be the Main Focus
  • Organisations Will Choose Visibility Over More Cyber Tools
  • Regulations Will Increase the Risk of Collecting and Storing Data
  • Cyber Risk Will Include a Focus on Enterprise Operational Resilience

Read on for more details.

Download Ecosystm Predicts: The Top 5 Trends for Cybersecurity & Compliance in 2023 as a PDF

Ecosystm Predicts: The Top 5 Trends for the Intelligent Enterprise in 2023

Organisations will continue their quest to become digital and data-first in 2023. Business process automation will be a priority for the majority; but many will look at their data strategically to derive better business value. 

As per Ecosystm’s Digital Enterprise Study 2022, organisations will focus equally on Automation and Strategic AI in 2023.

Here are the top 5 trends for the Intelligent Enterprise in 2023 according to Ecosystm analysts, Alan Hesketh, Peter Carr, Sash Mukherjee and Tim Sheedy.

  • Cloud Will Be Replaced by AI as the Right Transformation Goal
  • Adoption of Data Platform Architecture Will See an Uptick
  • Tech Teams Will Finally Focus on Internal Efficiency
  • Data Retention/Deletion and Records Management Will Be Top Priority
  • AI Will Replace Entire Human Jobs

Read on for more details.

Download Ecosystm Predicts: The Top 5 Trends for the Intelligent Enterprise in 2023 as a PDF

Ecosystm Predicts: The Top 5 Trends for the Distributed Enterprise in 2023

In 2023, organisations will continue to reinvent themselves to remain relevant to their customers, engage their employees and be efficient and profitable.

As per Ecosystm’s Digital Enterprise Study 2022, organisations will increase spend on digital workplace technologies, enterprise software upgrades, mobile applications, infrastructure and data centres, and hybrid cloud management.

Here are the top 5 trends for the Distributed Enterprise in 2023 according to Ecosystm analysts, Alea Fairchild, Darian Bird, Peter Carr, and Tim Sheedy.

  • Deskless Workers Will Become Modern Professionals
  • Need for Cost Efficiency Will Stimulate the Use of Waste Metrics in Public Cloud
  • The Climate & Energy Crisis Will Change the Cloud Equation
  • Industry Cloud Will Further Accelerate Business Innovation
  • The SASE Piece Will Fall in Place

Read on for more details.

Download Ecosystm Predicts: The Top 5 Trends for the Distributed Enterprise in 2023
