RiskVision, the enterprise risk intelligence company formerly known as Agiliance, today announced the results of its global enterprise risk intelligence survey titled, “The Imperative to Raise Enterprise Risk Intelligence.” The study examines state of risk in enterprise environments and organizations’ overall approach to risk management. Among the most significant findings was three-quarters of organizations lack a comprehensive risk management strategy. The biggest fears for organizations were long-term damage to brand and reputation (63 percent), followed by security breaches (51 percent), business disruption (51 percent) and intellectual property loss (37 percent).
Conducted independently by the Ponemon Institute and sponsored by RiskVision, the survey examined 641 individuals involved in risk management activities within their organization, with 56 percent in executive and management positions.
“In light of numerous large-scale and high profile data breaches in the headlines throughout 2016, organizations are increasingly aware that they need to understand their risk exposure,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “And the biggest fear for most organizations isn’t security breaches, but long-term damage to brand and reputation. While security breaches are costly to detect and remediate, the expenses are finite. On the other hand, expenses around compliance, customer attrition and negative public relations incurred due to the resulting loss of brand and reputation are ongoing, sometimes dragged out for months or even years, and are much more difficult, if not almost impossible to predict or gauge.”
The survey found that the vast majority of enterprises are aware that managing risk in their organization has become increasingly necessary, with 83 percent maintaining it was either a “significant” or “very significant” commitment for them, and are thus maturing their program. However, more than three quarters of organizations (76 percent) say they either don’t have a clearly defined risk management strategy in place or the one that they have isn’t applicable to the entire enterprise, representing a significant disconnect between desired risk management practices, and what they can realistically achieve. What’s more, only 14 percent of respondents believe that their organization’s risk management processes were truly “effective.”
Other key findings include:
- The majority (52 percent) of organizations lack a formal budget for enterprise risk management.
- 63 percent fear reputational damage, followed by security breaches (51 percent) and business disruption (51 percent) as the biggest consequences resulting from lack of risk management.
- Lack of resources (44 percent), complexity (44 percent) and inability to get started (43 percent) represent the top three barriers to risk management goals.
- With respect to managing risk across the enterprise, 53 percent describe the working relationships between finance, operations, compliance, legal and IT as “operating in silos,” with little collaboration between departments.
- 69 percent of organizations don’t rate assets based on their criticality.
- 69 percent of enterprises either don’t have metrics for determining risk intelligence effectiveness or are not sure.
- Of the organizations that had a formal budget dedicated to enterprise risk management, 58 percent said they planned to spend between $1 million and $5 million on risk management solutions in the upcoming fiscal year.
“It’s encouraging that organizations are increasingly becoming more aware about the importance of risk and the growing need to understand their risk environment,” said Joe Fantuzzi, CEO of RiskVision. “That said, there is a big disparity between awareness and implementation of risk management practices in the enterprise. The vast majority of organizations don’t have a risk management strategy in place, while more than two thirds don’t rate assets based on criticality or don’t have metrics for determining risk intelligence effectiveness. You can’t measure what you can’t see. And in light of an increasingly regulated and sophisticated threat landscape, it will be incumbent upon organizations to truly understand the entirety of their risk environment, enabling them to prioritize and address the most critical issues before damaging their reputation beyond the ability to recover.”
To view the full Ponemon report, please visit: https://www.riskvisioninc.com/2017-webform-ponemon-lp/L