Skip to main content
close search
site logo
Dive Brief

Shift to digital business is booming, but are CEOs ignoring associated risk?

Published Sept. 27, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Flickr; Johan Larsson

Dive Brief:

  • Developing a "risk-aware" culture means deciphering the difference between digital business risk and cyber risk, said John Wheeler, senior director analyst at Gartner, while speaking at the FAIR Conference in National Harbor, Maryland Wednesday.
  • From a technology perspective, taking certain cyber risks help businesses set out for new markets and new regions. Digital business risk, however, is focused on processes, products and services, and what will prompt growth. 
  • Integrated risk management (IRM) is the next generation to risk management, building on governance, risk and compliance (GRC) principles. "While some may say GRC is dying, IRM is simply GRC in different clothing," said Wheeler.

Dive Insight:

Digital business is where CEOs want to move their companies, but they have to recognize, "if we're digital, it's not only huge risk, it's complex risk," said Wheeler. 

About 82% of CEOs say they have some form of a management initiative or program in place for handling the digital business, according to Gartner. "What they don't get is associated risk," said Wheeler. 

Digital business is supported by key drivers of risk, as it relates to CEOs' need to extend into new markets and new customers by introducing new products or services "on the backs of third parties," said Wheeler. It also takes internet of things to enhance services, existing legacy systems and data at risk of being compromised. 

Additionally, third party risk, which exists beyond a company's core network and into the cloud, is "stuff that CEOs really do not understand." 

The gap between the risk cases unreliably informs the C-suite and board of overall risk appetite. A true management initiative, like IRM, helps risk and/or CISOs more comfortably articulate risk in the language their C-suite speaks. 

When risk and security organizations can quantify risk in terms of its impact on critical business outcomes, the breakthrough occurs. By 2021, half of companies will use an IRM solution for better calculating risk, according to Gartner. 

The model allows for those presenting risk scenarios to their boards to take it out of the confines of IT or cyber risk and introduce it more broadly in a true business context.

Filed Under: Security, Leadership

Editors' picks

Company Announcements

View all | Post a press release
Tech Ambitions Collide with Reality: 2025 Technology Impact Report Exposes Critical Readiness…
From Omnia Strategy Group, LLC
October 21, 2024
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
A10 Networks Outlines Blueprint to Secure and Deliver AI Applications and Help Increase Cyber …
From A10 Networks
October 16, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell