Cyber risk management is the process of identifying, evaluating, and controlling potential risks to an organization. It is one of the critical functions for modern businesses, especially during the coronavirus pandemic.
Blockchain technology is now being tested for practical applications, and risk management is one of the advanced fields in which it shows a promising future. Its application can reduce risks in some cases and, surprisingly, eliminate them in others. Many organizations also regard it as the base for future risk management.
However, blockchain technology also introduces some risks, especially as it grows into a mature technology for commercial applications. The successful adoption and growth of any technology depends on the relevant management of its associated risks.
That said, the financial services industry is focusing on a new question: does blockchain technology (especially the business models based on the technology) expose new security risks? And if so, what mitigative processes and steps should be taken to deal with those risks?
But before discussing those questions, let’s get to know the basics of blockchain technology, then work on understanding its future in risk management.
What is Blockchain Technology?
Blockchain, also known as Distributed Ledger Technology, is a growing list of records called blocks. These blocks can store records of any data type (say, audio and video documents, financial transactions, etc.), and they are resilient to modification by design. This is because blockchain is an open and distributed ledger that records transactions in a manner that is both tamper-proof and verifiable. Being distributed, it is mostly managed via a peer-to-peer network (like BitTorrent), i.e., blocks are stored on distributed systems. It also promises many more benefits, as described by Harvard Business Review.
“We can imagine a world in which contracts are embedded in digital code and stored in transparent, shared databases, where they are protected from deletion, tampering, and revision. In this world every agreement, every process, every task, and every payment would have a digital record and signature that could be identified, validated, stored, and shared. Intermediaries like lawyers, brokers, and bankers might no longer be necessary. Individuals, organizations, machines, and algorithms would freely transact and interact with one another with little friction. This is the immense potential of blockchain,” wrote Harvard Business Review.
For example, the Internet is a distributed platform where unknown agents can perform activities with or against other agents, even harmful ones. So an agent works through a trusted intermediary when doing any sensitive transaction with another untrusted agent. That is why a user usually trusts some bank or financial institution for transferring money to another user on the Internet.
However, blockchain technology promises a system wherein one untrusted agent can trust another untrusted agent without using an intermediary. It does this by delegating the trust to the participants themselves. And thanks to the cryptographic features used for verifying the authenticity and consensus of the participating nodes (or agents per example), it forbids any form of cheating.
How Does It Affect the Future of Risk Management?
Across various industries, risk practitioners are excited about blockchain technology’s promise to help minimize risks posed by current systems. Being considered a breakthrough, blockchain has the potential to revolutionize existing business processes and transaction-based models — especially in the financial technology sector, which is usually known as the “fintech” sector.
Since blockchain technology can have a significant impact on organizations and the way they interact internally or with other organizations, interested organizations must develop a detailed information risk management strategy. The new strategy should be able to identify and evaluate the risks generated by blockchain and its impact on the surrounding environments and processes. Using a risk management strategy for blockchain technology, organizations can appropriately adopt the novel technology in their business processes and apply governance structures for blockchains with multiple stakeholders. However, it is crucial for risk professionals to understand how it differs from traditional systems.
First of all, blockchains can be permissioned or permissionless.
Popular cryptocurrencies like Bitcoin and Ethereum use permissionless blockchains, whose networks are open for anyone to participate, produce blocks, and read data. In contrast, permissioned blockchains allow access to authorized users only, which seems suitable for blockchain applications in enterprises.
The likelihood of malicious behavior on a permissioned blockchain is lower than on a permissionless blockchain since there are only authorized users. Also, if one of the authorized users does not work in the best interest of the network, the user can be identified and revoked. In addition, permissioned blockchains can implement consensus mechanisms that ensure the same tamper-proof data storage as a permissionless blockchain without requiring the extreme resources that permissionless blockchains such as Bitcoin need.
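The two properties described above (blocks that are resilient to modification, and authorized users who can be identified and revoked) can be seen in a small hash-chained ledger. This is an added Python example, not code from the original article; the member names, keys and function names are constructed, and HMAC stands in for the digital signatures a real permissioned blockchain would use.

```python
import hashlib, hmac, json

# Constructed member keys (assumption). Real permissioned chains use public-key
# signatures; HMAC is a stand-in so the example needs only the standard library.
MEMBERS = {"bank-a": b"constructed-key-a", "bank-b": b"constructed-key-b"}
GENESIS = "0" * 64

def block_hash(block):
    """SHA-256 over the block's contents, which include the previous hash."""
    body = {k: block[k] for k in ("index", "prev", "author", "data")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def tag_for(key, digest):
    """Authentication tag binding a block hash to one member's key."""
    return hmac.new(key, digest.encode(), "sha256").hexdigest()

def append(chain, author, data, keys=MEMBERS):
    """Append a block; only authorized members may author one."""
    if author not in keys:
        raise PermissionError(f"{author} is not an authorized member")
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"index": len(chain), "prev": prev, "author": author, "data": data}
    block["hash"] = block_hash(block)
    block["tag"] = tag_for(keys[author], block["hash"])
    chain.append(block)

def verify(chain, keys=MEMBERS, revoked=None):
    """Return (ok, reason); `revoked` maps a member to its first rejected index."""
    revoked = revoked or {}
    prev = GENESIS
    for i, b in enumerate(chain):
        if b["index"] != i or b["prev"] != prev:
            return False, f"block {i}: broken link to previous block"
        if block_hash(b) != b["hash"]:
            return False, f"block {i}: contents modified"
        key = keys.get(b["author"])
        if key is None or not hmac.compare_digest(tag_for(key, b["hash"]), b["tag"]):
            return False, f"block {i}: not authenticated by an authorized member"
        if i >= revoked.get(b["author"], len(chain)):
            return False, f"block {i}: author {b['author']} is revoked"
        prev = b["hash"]
    return True, "ok"

if __name__ == "__main__":
    ledger = []
    append(ledger, "bank-a", "pay 100 to bank-b")
    append(ledger, "bank-b", "pay 40 to bank-a")
    ledger[0]["data"] = "pay 1 to bank-b"  # tamper with a stored record
    print(verify(ledger))
```

Even a member who rewrites its own block with a valid hash and tag fails verification at the next block, because that block still stores the old previous-hash.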
Now, let’s discuss the risks. First of all, all nodes must agree for consensus in a blockchain, which may hinder its scalability. Also, if the consensus mechanism has any error, organizations can be exposed to financial and operational risks. It may not support interoperability with traditional systems. It does not support storing incorrect or draft data, and given its public nature it does not store sensitive data either, although that is possible using a sidechain (a parallel blockchain). It uses smart contracts, which are codified digital contracts between parties, and any error in designing and/or executing them can cause unforeseen risks. Since blockchains rely on cryptographic functions, cryptographic keys must be managed properly to guarantee the blockchain network’s integrity. Also, unlike traditional systems, blockchains depend on the environments of both the original organization and the participating organizations.
The future of risk management depends on these inherent risks introduced by blockchain systems. Since its inception in 2008, blockchain technology has grown in popularity and industry applications. However, IT teams and risk practitioners must understand the benefits and the risks of a blockchain system before implementing it in the organization. With blockchain systems on premises, organizations open their environment to third parties (even unknown parties). So, their risk management strategy must include and mitigate such risks.