February 6, 2017 By Mark Samuels 2 min read

Organizations primarily fear potential reputational and brand damage rather than a security breach itself. Still, many businesses lack a risk management strategy to abate those fears.

According to a Ponemon Institute survey sponsored by RiskVision, 76 percent of businesses lack a holistic approach to risk. The report also suggested that organizations are concerned about the long-term brand damage that results from a breach.

Negative Headlines Keep Executives Awake

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said the results of the survey highlight organizations’ growing desire to understand their risk exposure. The requirement to comprehend risk, he said, has been prompted by an increasing number of high-profile data incidents and the resultant negative headlines.

While security incidents are expensive to remediate, the costs associated with reputational damage can be even greater. That explains why 63 percent of executives are primarily concerned about negative brand impact, while 51 percent are more worried about a security breach, according to the report.

Survey respondents were also notably concerned about business disruption (51 percent) and intellectual property loss (37 percent).

A Disconnect Between Theory and Practice

The research highlighted how growing fears around brand reputation and security breaches are helping to create a new executive-level focus on risk. As many as 82 percent of organizations indicated that risk management is now either a “significant” or “very significant” commitment.

However, a maturing risk program is no guarantee of success. The survey illustrated a separation between the theory of risk management strategy and on-the-ground implementation: Just 14 percent of executives indicated that their business have an effective risk management strategy.

Furthermore, 52 percent of organizations do not have a formal budget for enterprise risk management. This lack of resources is a significant impediment to controlling risk, according to 44 percent of respondents. The same number cited complexity as a challenge in this area, while 43 percent struggled to get started.

Senior Executives Must Take Risk Management Seriously

Joe Fantuzzi, CEO of RiskVision, said organizations must start to invest in risk measurement and analysis. He noted that more than two-thirds of business do not rate assets based on criticality or use metrics to assess risk management effectiveness.

The good news, according to Dark Reading, is that executives are waking up to the need for effective measurement. Just 21 percent of companies analyzed risk in real-time 18 months ago. Today, that figure stands at 32 percent. Gartner also noted an increased demand for risk management technologies.

Executives are increasingly waking up to the importance of a risk management strategy, but they must ensure their approach is more than simple lip service. Business leaders should create an all-encompassing strategy that focuses on measurement and action.

More from

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today