Report: State of Enterprise Risk Management 2020

The new report is headed “State of Enterprise Risk Management 2020” and it details that more than half of risk professionals worldwide say their organization’s risk levels have increased in the past 12 months. This trend is likely to continue into 2020.

To gather the data, ISACA polled a global population of over 4,500 professionals involved in risk decisions for large and small enterprises, across six continents and all industries, from manufacturing to government and financial services, and every industry in between.

Threat level rises to high

As well as the increasing threat levels, the study also finds that 29 percent of respondents have found that cybersecurity is the most critical risk category facing enterprises today and 33 percent of respondents believe that information and cybersecurity risk will be the most critical category of risk facing their organization in the next 18-24 months.

In this context, the report's finding that boards of directors are only updated on cybersecurity risk on a quarterly basis, sometimes even less, is of concern and an impediment to developing an effective cybersecurity strategy.

What should the CISO do?

However, some better news on the C-suite front is that where chief information security officers (CISOs) are in place, these directors are updated much more frequently, with 70 percent saying they receive updates at least once a month. The CISO is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

Boards are generally aware of cyber-risks. One interesting finding is that risk awareness correlates to seniority: the more senior the respondent, the more aware they are of the risk that their enterprise faces.

There’s no ‘golden ticket guidance’

Awareness does not necessarily translate into meaningful action. While most survey respondents indicate that their enterprises have implemented the most fundamental risk management steps, including assessment (85 percent) and risk identification (81 percent), ongoing measurement and tracking of risk is less developed, and the ability to forecast new risk presents an area of challenge.

The report concludes that whilst there is no ‘golden ticket guidance’ that will work in every enterprise when it comes to risk optimization, there are measures that enterprises can adopt in order to make better decisions about risk and to improve the measures they have in place.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
