While Risk Management is a “Significant” Commitment for Organizations, 76 Percent of Enterprises Lack a Holistic Strategy and More Than 70 Percent are in the Dark About Critical Assets and Vulnerabilities
SUNNYVALE, Calif., Feb. 2, 2017 – RiskVision, the enterprise risk intelligence company formerly known as Agiliance, today announced the results of its global enterprise risk intelligence survey titled, “The Imperative to Raise Enterprise Risk Intelligence.” The study examines state of risk in enterprise environments and organizations’ overall approach to risk management. Among the most significant findings was three-quarters of organizations lack a comprehensive risk management strategy. The biggest fears for organizations were long-term damage to brand and reputation (63 percent), followed by security breaches (51 percent), business disruption (51 percent) and intellectual property loss (37 percent).
Conducted independently by the Ponemon Institute and sponsored by RiskVision, the survey examined 641 individuals involved in risk management activities within their organization, with 56 percent in executive and management positions.
“In light of numerous large-scale and high profile data breaches in the headlines throughout 2016, organizations are increasingly aware that they need to understand their risk exposure,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “And the biggest fear for most organizations isn’t security breaches, but long-term damage to brand and reputation. While security breaches are costly to detect and remediate, the expenses are finite. On the other hand, expenses around compliance, customer attrition and negative public relations incurred due to the resulting loss of brand and reputation are ongoing, sometimes dragged out for months or even years, and are much more difficult, if not almost impossible to predict or gauge.”
The survey found that the vast majority of enterprises are aware that managing risk in their organization has become increasingly necessary, with 83 percent maintaining it was either a “significant” or “very significant” commitment for them, and are thus maturing their program. However, more than three quarters of organizations (76 percent) say they either don’t have a clearly defined risk management strategy in place or the one that they have isn’t applicable to the entire enterprise, representing a significant disconnect between desired risk management practices, and what they can realistically achieve. What’s more, only 14 percent of respondents believe that their organization’s risk management processes were truly “effective.”
Other key findings include:
- The majority (52 percent) of organizations lack a formal budget for enterprise risk management.
- 63 percent fear reputational damage, followed by security breaches (51 percent) and business disruption (51 percent) as the biggest consequences resulting from lack of risk management.
- Lack of resources (44 percent), complexity (44 percent) and inability to get started (43 percent) represent the top three barriers to risk management goals.
- With respect to managing risk across the enterprise, 53 percent describe the working relationships between finance, operations, compliance, legal and IT as “operating in silos,” with little collaboration between departments.
- 69 percent of organizations don’t rate assets based on their criticality.
- 69 percent of enterprises either don’t have metrics for determining risk intelligence effectiveness or are not sure.
- Of the organizations that had a formal budget dedicated to enterprise risk management, 58 percent said they planned to spend between $1 million and $5 million on risk management solutions in the upcoming fiscal year.
“It’s encouraging that organizations are increasingly becoming more aware about the importance of risk and the growing need to understand their risk environment,” said Joe Fantuzzi, CEO of RiskVision. “That said, there is a big disparity between awareness and implementation of risk management practices in the enterprise. The vast majority of organizations don’t have a risk management strategy in place, while more than two thirds don’t rate assets based on criticality or don’t have metrics for determining risk intelligence effectiveness. You can’t measure what you can’t see. And in light of an increasingly regulated and sophisticated threat landscape, it will be incumbent upon organizations to truly understand the entirety of their risk environment, enabling them to prioritize and address the most critical issues before damaging their reputation beyond the ability to recover.”
To view the full Ponemon report, click here.
Attending RSAC 2017?
With less than two weeks remaining before RSAC 2017, consider swinging by Booth #NE3208 to find out how ‘Threat is the New Risk’ works and get a better understanding of some of RiskVision’s latest innovations in enterprise risk intelligence.
Booth attendees can also take part in an exciting promotion where visitors will have a chance to hack their way to $100,000 if they can “crack the code” of the RiskVision cash vault. For more information on RiskVision at RSAC, click here!
To set up a meeting during the show, please contact firstname.lastname@example.org.
RiskVision develops comprehensive risk intelligence solutions for the enterprise. The highly decorated RiskVision platform is the industry’s first risk intelligence solution designed for today’s real-time, big-data, threat-centric world. RiskVision’s architecture and design delivers the industry’s best usability, scale, automation and time-to-deployment advantages — at a fraction of the cost of traditional solutions. CIOs and CROs of the world’s leading organizations and government agencies rely on RiskVision; customers include AXA Group, Cisco, Deutsche Bank, E*TRADE, Exelon, First Data, Fiserv, HCL, Novartis, Roche, Safeway, Sheetz, Southern Co., Time Warner, United Health Group, U.S. Departments of Defense, Health & Human Services, Justice, and Veterans Affairs, and dozens of other clients worldwide. For more information, please visit riskvisioninc.com.