Light Dark
February 6, 2017 By Mark Samuels 2 min read

Organizations primarily fear potential reputational and brand damage rather than a security breach itself. Still, many businesses lack a risk management strategy to abate those fears.

According to a Ponemon Institute survey sponsored by RiskVision, 76 percent of businesses lack a holistic approach to risk. The report also suggested that organizations are concerned about the long-term brand damage that results from a breach.

Negative Headlines Keep Executives Awake

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said the results of the survey highlight organizations’ growing desire to understand their risk exposure. The requirement to comprehend risk, he said, has been prompted by an increasing number of high-profile data incidents and the resultant negative headlines.

While security incidents are expensive to remediate, the costs associated with reputational damage can be even greater. That explains why 63 percent of executives are primarily concerned about negative brand impact, while 51 percent are more worried about a security breach, according to the report.

Survey respondents were also notably concerned about business disruption (51 percent) and intellectual property loss (37 percent).

A Disconnect Between Theory and Practice

The research highlighted how growing fears around brand reputation and security breaches are helping to create a new executive-level focus on risk. As many as 82 percent of organizations indicated that risk management is now either a “significant” or “very significant” commitment.

However, a maturing risk program is no guarantee of success. The survey illustrated a separation between the theory of risk management strategy and on-the-ground implementation: Just 14 percent of executives indicated that their business have an effective risk management strategy.

Furthermore, 52 percent of organizations do not have a formal budget for enterprise risk management. This lack of resources is a significant impediment to controlling risk, according to 44 percent of respondents. The same number cited complexity as a challenge in this area, while 43 percent struggled to get started.

Senior Executives Must Take Risk Management Seriously

Joe Fantuzzi, CEO of RiskVision, said organizations must start to invest in risk measurement and analysis. He noted that more than two-thirds of business do not rate assets based on criticality or use metrics to assess risk management effectiveness.

The good news, according to Dark Reading, is that executives are waking up to the need for effective measurement. Just 21 percent of companies analyzed risk in real-time 18 months ago. Today, that figure stands at 32 percent. Gartner also noted an increased demand for risk management technologies.

Executives are increasingly waking up to the importance of a risk management strategy, but they must ensure their approach is more than simple lip service. Business leaders should create an all-encompassing strategy that focuses on measurement and action.

 |  |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

April 29, 2024

The major hardware flaw in Apple M-series chips

3 min read - The “need for speed” is having a negative impact on many Mac users right now.The Apple M-series chips, which are designed to deliver more consistent and faster performance than the Intel processors used in the past, have a vulnerability that can expose cryptographic keys, leading an attacker to reveal encrypted data. This critical security flaw, known as GoFetch, exploits a vulnerability found in the M-chips data memory-dependent prefetcher (DMP).DMP’s benefits and vulnerabilitiesDMP predicts memory addresses that the code is most…

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature