Risk Roundup for July and August 2019
This month’s Risk Roundup is about data privacy and federal agencies woefully prepared for cybersecurity. Then we descend on Southern California for the biggest California earthquake in 20 years. On the flight home, we contemplate the business impact of the US-China trade war.
Facebook reaches $5 billion settlement for data privacy violations
US regulators approved a $5 billion fine against Facebook on July 13 for mishandling users’ personal data and ordered Facebook to add oversight to its data practices. The settlement officially ends the FTC’s investigation into Facebook’s improper sharing of user data with Cambridge Analytica. As more data privacy regulations take effect, such as the California Consumer Privacy Act (CCPA), organizations should investigate the compliance implications. Take steps like adding controls and updating policies to prepare for any new privacy law requirements.
GAO report finds 16 federal agencies unprepared for cyber risk
The United States Government Accountability Office (GAO) delivered a scathing report in July citing federal agencies’ unpreparedness for cyber risk. The report found that 16 federal agencies exhibited deficiencies in all five NIST Cybersecurity Framework core functions: identify, protect, detect, respond, and recover. All government entities, as well as any business, can access the Cybersecurity Framework, which outlines these functions and the essential steps under each. Following NIST keeps an organization in lockstep with digital risk management.
The biggest earthquake in 20 years rocks Southern California
July 4 brought fireworks of a different kind. A powerful magnitude 6.4 earthquake hit a remote area 150 miles northeast of Los Angeles. A magnitude 7.1 aftershock hit a day later. Thankfully, destruction was minimal. The scenario that has researchers worried is a magnitude 7.8 quake rupturing a 200-mile stretch along the southern part of the San Andreas Fault. That hasn’t happened yet, but it’s a serious risk. For organizations with a California presence or connection, a business impact analysis for a major earthquake and disaster recovery procedures should be part of the business continuity plan.
US-China trade war—troubling tariffs
August came and with it an escalation in the US-China trade war. Both countries have engaged in a tit-for-tat, slapping tariffs on each other’s consumer goods and manufactured products. Our farm belt has been impacted too and is receiving a bailout. Overall, it’s geopolitical risk with far-reaching consequences. Tariffs upset companies’ supply chains, make it harder to sell into markets, and damage the US and world economies. In 2019-2020, all organizations need to factor geopolitical risk into their risk management programs.
This month’s edition of Risk Roundup reflects a growing emphasis on IT risk, especially privacy and cyber. However, events happen, whether it’s this summer’s escalating trade war or a natural disaster like an earthquake that suddenly takes center stage. It’s why we find risk management so fascinating. Each day brings promise and peril that calls for proactive management. We’ll be back in November with a roundup of top risks from September and October.