The latest enterprise risk management news from around the world

Organizations are struggling to predict the impact of threats and vulnerabilities associated with emerging tech

Details
Published: Wednesday, 30 October 2019 09:03

More than half of risk professionals worldwide say that their organization’s risk levels have increased in the past 12 months, according to new research from ISACA, CMMI Institute and Infosecurity Group.

The organizations’ ‘State of Enterprise Risk Management 2020’ report reveals that only 29 percent of respondents have a high degree of confidence that their enterprise can accurately predict the impact of threats and vulnerabilities associated with emerging technologies. Additionally, fewer than a third (31 percent) of security pros say their enterprises can respond quickly when new threats are identified, a problematic dynamic given today’s fast pace of business and technology-driven change.

State of Enterprise Risk Management 2020 found that the most critical categories of risk facing enterprises today are:

  • Cyber security (29 percent)
  • Reputation (15 percent)
  • Financial (13 percent).

The top five cybersecurity risk management challenges are changes/advances in technology; changes in types of threats; too few security personnel; missing skills in existing cybersecurity personnel; and increased number and frequency of threats.

The study found that nearly two-thirds of respondents have defined processes for risk identification, but only 38 percent believe that those processes are at either the managed or optimized level of the maturity spectrum. This high adoption, low optimization trend shows there is significant need for action and improvement.

The State of Enterprise Risk Management 2020 study also reports diversity in the types of attacks seen across geographic locations and industry sectors. For example, respondents from Asia and India report more nation-state attacks than those in North America, Oceania and Europe.

When it comes to managing the fallout of an issue, only 43 percent of respondents’ enterprises employ insurance as a mitigation control. Organizations in North America and Africa are the highest adopters of insurance, with Latin America being the lowest.

Management and governance gap revealed

The study reveals a potential disconnect between management and governance of enterprises when it comes to risk. Respondents note that, on average, boards of directors are only updated on cyber security risk on a quarterly basis – sometimes even less. Chief information security officers (CISOs) are updated much more frequently, with 70 percent saying they receive updates at least once a month. This knowledge gap is a key opportunity for CISOs to expand their visibility at the governance level.

More details.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

Root Cause Analysis
The Business Continuity Business Case

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.