February 6, 2017 By Mark Samuels 2 min read

Organizations primarily fear potential reputational and brand damage rather than a security breach itself. Still, many businesses lack a risk management strategy to abate those fears.

According to a Ponemon Institute survey sponsored by RiskVision, 76 percent of businesses lack a holistic approach to risk. The report also suggested that organizations are concerned about the long-term brand damage that results from a breach.

Negative Headlines Keep Executives Awake

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said the results of the survey highlight organizations’ growing desire to understand their risk exposure. The requirement to comprehend risk, he said, has been prompted by an increasing number of high-profile data incidents and the resultant negative headlines.

While security incidents are expensive to remediate, the costs associated with reputational damage can be even greater. That explains why 63 percent of executives are primarily concerned about negative brand impact, while 51 percent are more worried about a security breach, according to the report.

Survey respondents were also notably concerned about business disruption (51 percent) and intellectual property loss (37 percent).

A Disconnect Between Theory and Practice

The research highlighted how growing fears around brand reputation and security breaches are helping to create a new executive-level focus on risk. As many as 82 percent of organizations indicated that risk management is now either a “significant” or “very significant” commitment.

However, a maturing risk program is no guarantee of success. The survey illustrated a separation between the theory of risk management strategy and on-the-ground implementation: Just 14 percent of executives indicated that their business have an effective risk management strategy.

Furthermore, 52 percent of organizations do not have a formal budget for enterprise risk management. This lack of resources is a significant impediment to controlling risk, according to 44 percent of respondents. The same number cited complexity as a challenge in this area, while 43 percent struggled to get started.

Senior Executives Must Take Risk Management Seriously

Joe Fantuzzi, CEO of RiskVision, said organizations must start to invest in risk measurement and analysis. He noted that more than two-thirds of business do not rate assets based on criticality or use metrics to assess risk management effectiveness.

The good news, according to Dark Reading, is that executives are waking up to the need for effective measurement. Just 21 percent of companies analyzed risk in real-time 18 months ago. Today, that figure stands at 32 percent. Gartner also noted an increased demand for risk management technologies.

Executives are increasingly waking up to the importance of a risk management strategy, but they must ensure their approach is more than simple lip service. Business leaders should create an all-encompassing strategy that focuses on measurement and action.

More from

How governance, risk and compliance (GRC) addresses growing data liability concerns

4 min read - In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.According to a study by IBM's Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits…

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today