Organizations primarily fear potential reputational and brand damage rather than a security breach itself. Still, many businesses lack a risk management strategy to abate those fears.

According to a Ponemon Institute survey sponsored by RiskVision, 76 percent of businesses lack a holistic approach to risk. The report also suggested that organizations are concerned about the long-term brand damage that results from a breach.

Negative Headlines Keep Executives Awake

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said the results of the survey highlight organizations’ growing desire to understand their risk exposure. The requirement to comprehend risk, he said, has been prompted by an increasing number of high-profile data incidents and the resultant negative headlines.

While security incidents are expensive to remediate, the costs associated with reputational damage can be even greater. That explains why 63 percent of executives are primarily concerned about negative brand impact, while 51 percent are more worried about a security breach, according to the report.

Survey respondents were also notably concerned about business disruption (51 percent) and intellectual property loss (37 percent).

A Disconnect Between Theory and Practice

The research highlighted how growing fears around brand reputation and security breaches are helping to create a new executive-level focus on risk. As many as 82 percent of organizations indicated that risk management is now either a “significant” or “very significant” commitment.

However, a maturing risk program is no guarantee of success. The survey illustrated a separation between the theory of risk management strategy and on-the-ground implementation: Just 14 percent of executives indicated that their businesses have an effective risk management strategy.

Furthermore, 52 percent of organizations do not have a formal budget for enterprise risk management. This lack of resources is a significant impediment to controlling risk, according to 44 percent of respondents. The same number cited complexity as a challenge in this area, while 43 percent struggled to get started.

Senior Executives Must Take Risk Management Seriously

Joe Fantuzzi, CEO of RiskVision, said organizations must start to invest in risk measurement and analysis. He noted that more than two-thirds of businesses do not rate assets based on criticality or use metrics to assess risk management effectiveness.

The good news, according to Dark Reading, is that executives are waking up to the need for effective measurement. Just 21 percent of companies analyzed risk in real time 18 months ago. Today, that figure stands at 32 percent. Gartner also noted an increased demand for risk management technologies.

Executives are increasingly waking up to the importance of a risk management strategy, but they must ensure their approach is more than simple lip service. Business leaders should create an all-encompassing strategy that focuses on measurement and action.
