Digital risk management, DRM, is the effort an organisation has to apply towards keeping its digital risks at acceptable levels. These digital risks include any risks that could cause the loss of or damage to computer hardware and software, the firm’s data or processing capabilities, or its information. Digital risk is a generic term used to describe the unexpected consequences resulting from the firm’s use of technology, particularly as it grows its online presence and transforms (or digitises) its processes, which can result in disruption or uncertainty and impact negatively on the business objectives involved. DRM is a subset of enterprise risk management (ERM).

It involves processes to improve the identification, evaluation and monitoring of digital risk which affect the organisation’s financial performance, operation or reputation; these risks may appear as cybersecurity, operational or third-party risks. These may cause undesired outcomes to the firm if they are not appropriately managed. DRM puts digital/digitisation-related risks in perspective so that the best decisions can be made by the organisation, going forward, to ensure business continuity, sustainability and competitiveness. DRM is gaining traction for a host of reasons, the main one being that firms are becoming increasingly dependent on their technological/digital capabilities.

The value of digital technology hinges greatly on its ability to bring the right information to the right point at the right time. To achieve this, many tools come into play, including analytics, robotics, artificial intelligence and augmented reality, among others. All these need to converge to drive business effectively, and in doing so, they leave a trail of information – a digital footprint. Any online presence, transaction or transfer of data leaves a digital footprint. It contains both private and public data, and both are vulnerable. Information derived from digital footprints of organisations and individuals is a valuable asset, making risk management of digital footprint necessary.

A major concern for any business today is the maintenance of the integrity of its data, which hinges on the way it is stored, applied in transactions and the methods used to preserve its confidentiality. Data is the new currency; because of this, there is a growing need for cybersecurity. In malicious hands, it will be misused and abused, and impact negatively on the organisation, possibly even causing a loss of confidence among stakeholders. There are critical roles and responsibilities that need to be undertaken by those dealing with data. Foremost is the need for privacy and ethical application of the data. Is it ethical to use personal data to generate revenue without the users’ knowledge?

This is just one of the many grey areas which confront organisations, that may impact on their use of digital tools. It is worth noting that in the cyber world, a great deal of data is retained, even if it is deleted from devices. Digital technology is transforming businesses, and it is now almost impossible to compete without it. The risks that come along with it need to be managed, so that the organisation ultimately augments its capabilities to fully embrace new opportunities, and derives maximum value from its digital initiatives.