We’ve previously outlined the important benefits on offer with RPA , but as with any new technology, adopters should be cognizant of the robotic process automation security risks too. RPA brings compound but solvable concerns ranging from typical security issues through to business risks. Awareness and mitigation are key to maintaining security and compliance

Balancing value against risk

Robotic process automation (RPA) is seeing rapid take-up, with Deloitte’s 2018 RPA survey finding that 53% of respondents have started to explore RPA. Yet though RPA can quickly bring value to process-driven businesses the risks posed by RPA implementations are unique and more diffuse than many companies realise. Indeed, it is the less familiar nature of RPA security risks that technology leaders should be most concerned about.

What are the robotic process automation security risks?

In many ways, RPA is a unique technology which is why robotic process automation security risks are somewhat different. Consider the fact, for example, that RPA effectively behaves like a human being, making use of standard human user credentials and UI actions to complete tasks. These are some of the key points risk-conscious enterprises should watch out for when implementing RPA:

1. Getting the implementation right

As always, new technology should be implemented with the support of existing teams and CXO staff. Implementation must be planned thoroughly and evaluated every step of the way. Teams must be conscious of change management too, understanding the implications RPA has for the wider business, for individual processes, and for staff members.

2. Managing access control and vulnerabilities

Identity and access management (IAM) become key issues with RPA as robots often go through exactly the same motions as humans, using similar credentials. Yet, that also means that the same security controls that keep the staff from exploiting systems can also keep RPA processes safe. Nonetheless, robotic process automation security risks do present another threat surface and security teams should always stay aware of the additional risks presented by the presence of robotic processes.

3. Preparing for business continuity

Yes, RPA can very much be a set-and-forget technology, humming away in the background. But what are the repercussions when an RPA process breaks down? What if a single software update causes a point of failure, interrupting RPA workflows? Companies should understand how RPAs introduce a threat to business continuity and establish plans to mitigate this.

4. Reputational damage and compliance

Robots running amok can cause the types of reputational damage that even the most trusted business will struggle to recover from. It is not just gross errors companies should be concerned about. For example, a subtle programming decision that means loans approvals discriminate against sections of the population can be equally damaging.

RPA poses a regulatory threat too, in part because RPA-driven processes can appear like black boxes, inscrutable to regulators. Explaining how these processes get results can be difficult. Where errors caused by RPA creep in companies can be in trouble with regulators, unable to explain why inaccurate statements were made.