Safeguarding Digital Finance: Boost Bank's Approach to Business Continuity Management
Part 3: RAR – Risk Impact and Likelihood Assessment
Introduction
This chapter presents the Risk Impact and Likelihood Assessment for Boost Bank Malaysia, a fully digital bank operating across the country.
Building upon the threat scenarios identified in Part 1: RAR – List of Threats, this section evaluates each threat in terms of its potential impact on various critical areas of the organisation, including financial performance, operational continuity, legal and regulatory compliance, reputation, social responsibility, human resources, and technology assets.
By assessing both the severity (impact) and the probability (likelihood) of each threat, the organisation is better positioned to prioritise risks and allocate resources effectively.
This structured approach follows the guidelines provided in BCM Institute’s framework and aligns with industry best practices in business continuity and operational resilience.
The resulting Risk Rating and Risk Level for each threat will inform the development of appropriate mitigation strategies and business continuity measures, ensuring that Boost Bank remains resilient in the face of diverse challenges.
Below is a sample RAR - Risk Impact and Likelihood Assessment Table for Boost Bank Malaysia. The values (e.g., scores, likelihoods) are hypothetical but grounded in best practices and risk management logic.
Part 3: RAR – Risk Impact and Likelihood Assessment – Boost Bank Malaysia
| Threat | Impact Area - Finance | Impact Area - Operations | Impact Area - Legal & Regulatory | Impact Area - Reputation & Image | Impact Area - Social Responsibility | Impact Area - People | Impact Area - Assets/IT Systems/Information | Risk Impact Area (Highest Score) | Risk Likelihood | Risk Rating (Impact x Likelihood) | Risk Level | Expected Period of Disruption |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cyberattack (e.g., ransomware) | 4 – High | 4 – High | 3 – Moderate | 4 – High | 2 – Low | 3 – Moderate | 5 – Very High | 5 (Assets/IT Systems/Info) | 4 – Likely | 20 | High | > 5 days |
| System Outage / Downtime | 3 – Moderate | 5 – Very High | 2 – Low | 4 – High | 1 – Very Low | 2 – Low | 4 – High | 5 (Operations) | 5 – Very Likely | 25 | High | 1–3 days |
| Data Breach | 4 – High | 3 – Moderate | 5 – Very High | 5 – Very High | 2 – Low | 3 – Moderate | 5 – Very High | 5 (Legal & IT) | 3 – Possible | 15 | Medium | 3–5 days |
| Natural Disaster (e.g., flood) | 4 – High | 5 – Very High | 3 – Moderate | 4 – High | 4 – High | 4 – High | 4 – High | 5 (Operations) | 2 – Unlikely | 10 | Medium | > 5 days |
| Insider Threat / Fraud | 4 – High | 3 – Moderate | 4 – High | 3 – Moderate | 1 – Very Low | 2 – Low | 4 – High | 4 (Finance/Legal) | 3 – Possible | 12 | Medium | 1–3 days |
| Regulatory Non-Compliance | 2 – Low | 2 – Low | 5 – Very High | 3 – Moderate | 1 – Very Low | 1 – Very Low | 2 – Low | 5 (Legal & Regulatory) | 3 – Possible | 15 | Medium | < 1 day |
| Third-party Service Provider Failure | 3 – Moderate | 4 – High | 2 – Low | 3 – Moderate | 1 – Very Low | 2 – Low | 4 – High | 4 (Operations/IT) | 4 – Likely | 16 | High | 1–3 days |
| Pandemic / Epidemic | 4 – High | 3 – Moderate | 3 – Moderate | 3 – Moderate | 5 – Very High | 5 – Very High | 3 – Moderate | 5 (People) | 2 – Unlikely | 10 | Medium | > 5 days |
| Power Failure | 2 – Low | 4 – High | 1 – Very Low | 2 – Low | 1 – Very Low | 1 – Very Low | 3 – Moderate | 4 (Operations) | 4 – Likely | 16 | High | < 1 day |
| Physical Security Breach | 3 – Moderate | 2 – Low | 3 – Moderate | 2 – Low | 1 – Very Low | 3 – Moderate | 3 – Moderate | 3 (Finance/Legal/People) | 2 – Unlikely | 6 | Low | < 1 day |
Legend and Definitions:
- Impact Ratings:
  - 1 = Very Low
  - 2 = Low
  - 3 = Moderate
  - 4 = High
  - 5 = Very High
- Likelihood Ratings:
  - 1 = Rare
  - 2 = Unlikely
  - 3 = Possible
  - 4 = Likely
  - 5 = Very Likely
- Risk Rating: Calculated as Impact (highest score) × Likelihood
- Risk Level Classification:
  - 1–5 = Very Low
  - 6–10 = Low
  - 11–15 = Medium
  - 16–20 = High
  - 21–25 = Very High
Summing Up ...
The risk impact and likelihood assessment conducted in this chapter provides a comprehensive understanding of the key threats facing Boost Bank Malaysia.
The analysis highlights that cyberattacks, system outages, data breaches, and third-party service failures represent the highest risks to the organisation, given their significant potential to disrupt operations and compromise information security.
By quantifying these risks and identifying their most affected impact areas, Boost Bank can better prioritise its business continuity planning efforts. The results from this assessment will serve as the foundation for developing targeted risk mitigation strategies and continuity measures, as outlined in subsequent sections of the Business Continuity Plan (BCP).
This proactive approach ensures that Boost Bank remains well-prepared to respond effectively to disruptions, maintain regulatory compliance, protect stakeholder interests, and uphold customer trust in a rapidly evolving digital banking environment.