The Emergence of Cyber Risk Management
Cyber Risk Management is the next evolution in enterprise technology risk and security for organizations that increasingly rely on digital processes to run their business.
Several trends are leading the development of this new business discipline:
- Continued Losses: Organizations are increasingly reliant on digital processes to run their business and, despite their security investments, continue to suffer major service failures and liability-related losses due to cyber attacks.
- Minimum Security: Current security processes and technologies mostly address compliance requirements, which are critical in defining minimum security standards, but are not sufficient to protect organizations from ever-evolving cyber threats. Compliance-focused security also tends to be highly inefficient, which can waste resources and limit the organization's ability to focus on the most critical exposures.
- Growing Interdependencies: Operational technology, IT, the Internet of Things and physical security technologies have growing interdependencies that require a risk-based approach to governance and management.
- Executive Needs: Boards of directors and executive management teams now must understand the cyber risk posture of their businesses and the business underpinnings of risk mitigation initiatives.
- Incongruous Approaches: Most organizations are not equipped for a risk-based approach to cybersecurity governance and management, as they do not have common methods in place to quantify and manage cyber business risk across the various stakeholders (board, executives, operations, IT).
"By 2020, 60 percent of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases."