Building upon the threat scenarios identified in Part 1: RAR – List of Threats, this section evaluates each threat in terms of its potential impact on various critical areas of the organisation, including financial performance, operational continuity, legal and regulatory compliance, reputation, social responsibility, human resources, and technology assets.
By assessing both the severity (impact) and the probability (likelihood) of each threat, the organisation is better positioned to prioritise risks and allocate resources effectively.
This structured approach follows the guidelines provided in BCM Institute’s framework and aligns with industry best practices in business continuity and operational resilience.
The resulting Risk Rating and Risk Level for each threat will inform the development of appropriate mitigation strategies and business continuity measures, ensuring that Boost Bank remains resilient in the face of diverse challenges.
Below is a sample RAR - Risk Impact and Likelihood Assessment Table for Boost Bank Malaysia. The values (e.g., scores, likelihoods) are hypothetical but grounded in best practices and risk management logic.
| Threat | Impact Area - Finance | Impact Area - Operations | Impact Area - Legal & Regulatory | Impact Area - Reputation & Image | Impact Area - Social Responsibility | Impact Area - People | Impact Area - Assets/IT Systems/Information | Risk Impact Area (Highest Score) | Risk Likelihood | Risk Rating (Impact x Likelihood) | Risk Level | Expected Period of Disruption |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cyberattack (e.g., ransomware) | 4 – High | 4 – High | 3 – Moderate | 4 – High | 2 – Low | 3 – Moderate | 5 – Very High | 5 (Assets/IT Systems/Info) | 4 – Likely | 20 | High | > 5 days |
| System Outage / Downtime | 3 – Moderate | 5 – Very High | 2 – Low | 4 – High | 1 – Very Low | 2 – Low | 4 – High | 5 (Operations) | 5 – Very Likely | 25 | High | 1–3 days |
| Data Breach | 4 – High | 3 – Moderate | 5 – Very High | 5 – Very High | 2 – Low | 3 – Moderate | 5 – Very High | 5 (Legal & IT) | 3 – Possible | 15 | Medium | 3–5 days |
| Natural Disaster (e.g., flood) | 4 – High | 5 – Very High | 3 – Moderate | 4 – High | 4 – High | 4 – High | 4 – High | 5 (Operations) | 2 – Unlikely | 10 | Medium | > 5 days |
| Insider Threat / Fraud | 4 – High | 3 – Moderate | 4 – High | 3 – Moderate | 1 – Very Low | 2 – Low | 4 – High | 4 (Finance/Legal) | 3 – Possible | 12 | Medium | 1–3 days |
| Regulatory Non-Compliance | 2 – Low | 2 – Low | 5 – Very High | 3 – Moderate | 1 – Very Low | 1 – Very Low | 2 – Low | 5 (Legal & Regulatory) | 3 – Possible | 15 | Medium | < 1 day |
| Third-party Service Provider Failure | 3 – Moderate | 4 – High | 2 – Low | 3 – Moderate | 1 – Very Low | 2 – Low | 4 – High | 4 (Operations/IT) | 4 – Likely | 16 | High | 1–3 days |
| Pandemic / Epidemic | 4 – High | 3 – Moderate | 3 – Moderate | 3 – Moderate | 5 – Very High | 5 – Very High | 3 – Moderate | 5 (People) | 2 – Unlikely | 10 | Medium | > 5 days |
| Power Failure | 2 – Low | 4 – High | 1 – Very Low | 2 – Low | 1 – Very Low | 1 – Very Low | 3 – Moderate | 4 (Operations) | 4 – Likely | 16 | High | < 1 day |
| Physical Security Breach | 3 – Moderate | 2 – Low | 3 – Moderate | 2 – Low | 1 – Very Low | 3 – Moderate | 3 – Moderate | 3 (Finance/Legal/People) | 2 – Unlikely | 6 | Low | < 1 day |

The risk impact and likelihood assessment conducted in this chapter provides a comprehensive understanding of the key threats facing Boost Bank Malaysia.
The analysis highlights that cyberattacks, system outages, data breaches, and third-party service failures represent the highest risks to the organisation, given their significant potential to disrupt operations and compromise information security.
By quantifying these risks and identifying their most affected impact areas, Boost Bank can better prioritise its business continuity planning efforts. The results from this assessment will serve as the foundation for developing targeted risk mitigation strategies and continuity measures, as outlined in subsequent sections of the Business Continuity Plan (BCP).
This proactive approach ensures that Boost Bank remains well-prepared to respond effectively to disruptions, maintain regulatory compliance, protect stakeholder interests, and uphold customer trust in a rapidly evolving digital banking environment.