Capgemini - Multi-sector digital operational resilience - Applying lessons learned by the financial sector (English)
Multi-sector digital operational resilience

Applying lessons learned by the financial sector

Achieving digital operational resilience is challenging due to the balance needed between external, internal, and strategic challenges in an increasingly digital environment. Organizations are navigating the possibilities of digital transformation, which promises growth, innovation, and efficiency. Simultaneously, companies face increased exposure to cyber threats, geopolitical tension, and third-party supply chain disruption.

Establishing digital operational resilience requires an integrated solution across people, processes, and technology to help identify threats, prevent attacks, and resume operations smoothly and quickly if interrupted.

The pressure on organizations to ensure cybersecurity and digital operational resilience originates from regulations in multiple global jurisdictions, increasing digitization of business processes with complex interdependencies, and greater reliance on third-party providers for key systems.

Operations are at risk from physical damage, cyber-attacks, IT system outages, and third-party supplier failures. Natural hazards, war, political protests, and employment disputes are also potentially disruptive. The past two decades of legislation and regulation since Sarbanes-Oxley in 2002 indicate that operational risk resilience regulations globally are likely to grow in scope and detail.

Financial services – the first in line

The centrality of banking and financial services to economies makes the sector a recurring high priority for policymakers, political representatives, and regulators. The United States started the most recent drive for improved operational resilience in financial services in 2020 when the Federal Reserve published SR 20-24, its operations sound practices for the largest and most complex domestic banks and financial services companies.

The EU followed with the Digital Operational Resilience Act (DORA).¹ Since 2020, banks and other financial services providers connected with the EU have been completing transformation programs to comply with the act, a key part of the EU’s Cybersecurity Strategy for the Digital Decade.

The UK added its own initiative in March 2022 when the financial regulator, the Prudential Regulation Authority (PRA), issued a supervisory statement on operational resilience, setting high standards for board accountability, regular basic testing (with annual as a minimum), and third-party contractual provisions for testing, contingency, and terminating relationships. These regulations have set a high standard for financial sector IT practices. Financial institutions are now mandated to have action and communications plans and disaster recovery strategies, including backups and data recovery.

The US National Institute of Standards and Technology (NIST) describes operational resilience as “the ability of systems to resist, absorb, and recover from or adapt to an adverse occurrence during operation that m
Report format: PDF, size 1.84M, 6 pages.
