52 Risks® Update (December 2020): IT Risk: things that go bump in the night (and during the day), fraud and financial crime risk, and more.

It is often said that investing in the share market is akin to gambling. It is therefore no small irony that this month’s newsletter focuses on IT incidents involving a stock exchange and a totaliser betting agency. In the past month both Australian Securities Exchange (www.asx.com) and Australia’s largest betting group, Tabcorp Holdings (www.tabcorp.com.au) suffered serious and lengthy IT outages (unrelated to each other).

On Saturday, 7 November, a smoke and fire incident at a third party managed data center resulted in extensive damage to Tabcorp Holding’s servers and associated infrastructure. This led to a lengthy outage and the closure of the Group’s TAB retail venues on one of the busiest days of the horse racing calendar.

The following week on 16 November, the Australian Securities Exchange halted trade shortly after the opening bell because of what it said were “market data issues”. The exchange was closed for the rest of the day whilst the issues were identified and rectified. The cause was subsequently identified by the ASX and its technology provider Nasdaq as a software issue. 

These incidents highlight both the heavy reliance on third parties for IT services as well as the impact of IT outages on revenue, operations and reputation.

Without knowing the full details of the technology and business operations at both companies, it is difficult to identify specific learnings. However, both incidents reinforce the need for directors and executives to have a deep understanding of their IT infrastructure, outsourcing arrangements, business partners, potential areas for outages, and key controls and mitigants. Having well developed and rehearsed business continuity plans is critical.

As we know, every business is an IT business today. IT Risk, Outsource Risk and Operations & Process Risk are key operational risks under the 52 Risks Framework.  

Other highlights for the month for me were:

  • I had a great chat to Lili Nguyen from Informa in London early in November about fraud risk. I discussed the importance of investing in fraud management, adopting new technologies, and having a coordinated approach across physical security, financial crime and cyber security. You can see the youtube interview video here.
  • And on the same topic, I also discussed the increasing incidence of fraud and white collar crime with tickertv’s Adrian Franklin during the month. You can watch the segment here.

Peter Deans