Gartner: Businesses must balance risk, trust and opportunity
Gartner has advised security and risk leaders to focus on balancing risk, trust and opportunity to help their organisations function as a trusted participant in the digital economy, particularly in the current uncertain environment. Jeffrey Wheatman, Research Vice President at Gartner, noted that defining risk appetite has become more challenging for security leaders through the first half of 2020.
“The ability to communicate the real impacts of change and chaos, or in other words to achieve just the right level of balance, is critical to working with business stakeholders on setting and managing organisational risk appetite and capitalising on opportunity,” Wheatman said.
During the COVID-19 pandemic, security has been essential, with security and risk teams identifying new and amplified risks, assigning resources and shifting investments to meet business initiatives during the initial phase.
“Now that organisations have made their initial technology investments, chief information security officers (CISOs) and risk leaders have the opportunity to strengthen their organisations as they move through the recover and renew phases. For security teams, the recover phase is an opportunity to detect and mitigate new risks that may appear as a result of the initial response,” Wheatman said.
The pandemic has also reinforced the need for security programs that can react to minor and major extraneous shocks. As enterprises manage through the recovery and renewal phases, they must reengineer their programs to achieve this agility.
A recent Gartner survey found that 90% of CISOs believe that digital business will create new types and new levels of risk. However, 70% of respondents said that investment in risk management is not keeping up with these new higher levels of risk. These findings offer an opportunity for security and risk leaders. Business executives continue to focus on security as a strategic initiative, with organisations exploring how technology can help them transform their operating models. Wheatman notes that, as a result, security and risk professionals play a fundamental role in helping their organisations through this transformation while avoiding unnecessary risk.
“Security and risk leaders have a unique ability to give business leaders the insights and tools to help them balance risk with the potential opportunity of digital transformation,” Wheatman said.
The accelerated adoption of digital transformation means that interacting with clients and citizens necessitates the establishment of dedicated digital trust and safety teams in enterprises. These teams can assess and manage the risks resulting from the increasing number of touch points, and the need to address a strategic view of customer risk and harm reduction.
Security and risk leaders must also focus on finding the right balance between grasping new opportunities to help businesses gain a competitive advantage and developing appropriate security policies that mitigate the prioritised business risks. Wheatman noted that once the chaos of the recovery period begins to settle down, enterprises will experience the real new normal, in which the future becomes more plannable.
“This renew phase offers security and risk leaders a great opportunity to support their businesses’ objectives while being more proactive in identifying and managing risk and providing the resilience to move forward,” Wheatman said.