Incident management: How to respond to the polycrisis with an integrated approach
Abstract
Incident management — the response to an unplanned interruption or event that potentially harms assets or compromises operations — is the daily business of IT professionals and cyber defence specialists. Guidance on how to implement incident management can be found in international standards; however, the process does not receive sufficient attention from the rest of the organisation. Driven by the digitalisation of the financial sector and the growing threat of cyberattacks, global supervisory authorities have worked over the past five years to strengthen operational resilience. Incident management has been identified as one of the core elements, supported by thorough organisational measures, to provide more transparency, awareness and management attention, but even government influence failed to make this a prominent topic in boardrooms. The threat became a reality, however, with the CrowdStrike outage, the largest information and communication technology (ICT) incident in history, resulting in an estimated financial damage of US$10bn. Since the focus on operational resilience has shifted to ICT, the world has changed dramatically: geopolitical conflicts, extreme weather events and energy insecurity have evolved fast and will challenge organisations in parallel to ICT failures and cyberattacks. This requires a different approach to incident management with more comprehensive oversight, stronger collaboration and integration. As threats are increasingly interconnected, extremely fast coordination and synchronised activation will be required. This paper discusses the building blocks of an integrated incident management system and how operational and strategic elements are related. The paper also reviews European regulations for operational resilience (Digital Operational Resilience Act [DORA]) in the context of a broader implementation approach and how this connects with enterprise risk management (ERM). This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
The full article is available to subscribers to the journal.
Author's Biography
Michael Ehrnsperger is Head of Group Protection and Resilience and Head of the Group Crisis Unit at Allianz. His remit includes incident and crisis management, business continuity management, threat oversight and protective security. He was recently responsible for the implementation of a group-wide third party risk management programme and was co-lead of the Digital Operational Resilience Act (DORA) roll-out. Michael has over 25 years’ experience in executive leadership positions in the financial industry, mainly in the domains of strategic projects, process management, reorganisation, audit and risk management. He is a graduate of the Business Administration in Banking programme at the Frankfurt School of Finance and Management.
Citation
Ehrnsperger, Michael (2025, December 1). Incident management: How to respond to the polycrisis with an integrated approach. In the Journal of Risk Management in Financial Institutions, Volume 19, Issue 1. https://doi.org/10.69554/IWQR8979.
Publications LLP