Skip to main content
close search
site logo
Dive Brief

Shift to digital business is booming, but are CEOs ignoring associated risk?

Published Sept. 27, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Flickr; Johan Larsson

Dive Brief:

  • Developing a "risk-aware" culture means deciphering the difference between digital business risk and cyber risk, said John Wheeler, senior director analyst at Gartner, while speaking at the FAIR Conference in National Harbor, Maryland Wednesday.
  • From a technology perspective, taking certain cyber risks help businesses set out for new markets and new regions. Digital business risk, however, is focused on processes, products and services, and what will prompt growth. 
  • Integrated risk management (IRM) is the next generation to risk management, building on governance, risk and compliance (GRC) principles. "While some may say GRC is dying, IRM is simply GRC in different clothing," said Wheeler.

Dive Insight:

Digital business is where CEOs want to move their companies, but they have to recognize, "if we're digital, it's not only huge risk, it's complex risk," said Wheeler. 

About 82% of CEOs say they have some form of a management initiative or program in place for handling the digital business, according to Gartner. "What they don't get is associated risk," said Wheeler. 

Digital business is supported by key drivers of risk, as it relates to CEOs' need to extend into new markets and new customers by introducing new products or services "on the backs of third parties," said Wheeler. It also takes internet of things to enhance services, existing legacy systems and data at risk of being compromised. 

Additionally, third party risk, which exists beyond a company's core network and into the cloud, is "stuff that CEOs really do not understand." 

The gap between the risk cases unreliably informs the C-suite and board of overall risk appetite. A true management initiative, like IRM, helps risk and/or CISOs more comfortably articulate risk in the language their C-suite speaks. 

When risk and security organizations can quantify risk in terms of its impact on critical business outcomes, the breakthrough occurs. By 2021, half of companies will use an IRM solution for better calculating risk, according to Gartner. 

The model allows for those presenting risk scenarios to their boards to take it out of the confines of IT or cyber risk and introduce it more broadly in a true business context.

Filed Under: Security, Leadership

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell