
Report: State of Enterprise Risk Management 2020

The new report is titled “State of Enterprise Risk Management 2020” and it details that more than half of risk professionals worldwide say their organization’s risk levels have increased in the past 12 months. This trend is likely to continue into 2020.

To gather the data, ISACA polled a global population of over 4,500 professionals involved in risk decisions for large and small enterprises, across six continents and all industries, from manufacturing to government and financial services, and every industry in between.

Threat level rises to high

As well as the increasing threat levels, the study also finds that 29 percent of respondents have found that cybersecurity is the most critical risk category facing enterprises today and 33 percent of respondents believe that information and cybersecurity risk will be the most critical category of risk facing their organization in the next 18-24 months.

In this context, the finding from the report that boards of directors are only updated on cybersecurity risk on a quarterly basis, sometimes even less, is of concern and an impediment to developing an effective cybersecurity strategy.

What should the CISO do?

However, some better news on the C-suite front is that where chief information security officers (CISOs) are in place, directors are updated much more frequently, with 70 percent saying they receive updates at least once a month. The CISO is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

Boards are generally aware of cyber-risks. One interesting finding is that risk awareness correlates to seniority: the more senior the respondent, the more aware they are of the risk that their enterprise faces.

There’s no ‘golden ticket guidance’

Awareness does not necessarily translate into meaningful action. While most survey respondents indicate that their enterprises have implemented the most fundamental risk management steps, including assessment (85 percent) and risk identification (81 percent), ongoing measurement and tracking of risk is less developed, and the ability to forecast new risk presents an area of challenge.

The report concludes that whilst there is no ‘golden ticket guidance’ that will work in every enterprise when it comes to risk optimization, there are measures that enterprises can adopt in order to make better decisions about risk and to improve the measures they have in place.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
