C-Suite Anxiety: What Strategies Can Alleviate Executive Concerns Over Data Breaches?

Guess what: data breaches are a nightmare for business executives, according to new research. 

While probably not a huge surprise to most, the staggering costs of a data breach continue to climb into record territory.

A recent study from IBM and the Ponemon Institute showed that an average data breach can cost a company millions of dollars: in 2019 the bill hit a staggering $5.1 million. As if to add insult to injury, the odds that a company will experience a data breach are up 2% year-over-year, to 29.6%.

LogicGate’s inaugural ERM report, Enterprise Risk and the Modern Organization: A View from the Top, highlights the difficult job CEOs face in communicating risk—and the increasing importance of implementing ERM to identify and manage that risk. Our report used an online survey to obtain quantitative and qualitative responses from 100 CEOs representing a variety of sizes and industries. 

Although the complexity of risk across different departments and projects makes a common decision-making rubric difficult to create, we learned that identifying data-breach risk presents a definite problem. The C-level leaders we spoke to all worry about how to identify and communicate that risk across different departments. While about 3 in 4 CEOs rate their company’s overall Risk Identification favorably, they are concerned with risks in three categories: strategic, operational, and macroeconomic risk.

  • Strategic Risk: Ranked a top concern by 33% of CEOs and the second-highest concern by another 38%. Many worry about risk arising from third-party business partners as well as evolving customer demographics.
  • Operational Risk: Ranked a top concern by 33% of CEOs and second by another 26%. These CEOs cite cybersecurity insurance costs, and employee misconduct as major threats.
  • Macroeconomic Risk: 1 in 4 CEOs worry about the threat of a recession, followed by global political instability.

Challenges Created by Ongoing Risk Monitoring

CEOs recognize that although annual, quarterly, or weekly risk reviews are better than no risk management at all, those assessments can’t effectively protect their organizations from known and unknown risks. They voiced a need for constant, ongoing readiness to quickly respond to risks as they emerge. For many, this presents a challenge. 

Other challenges include:

  • Siloed departments common in core industries like financial services, healthcare, technology, media, and telecom, which make it difficult to attain cross-functional team involvement
  • An inability to define and communicate risk appetite organization-wide
  • A lack of scoring standards, which impedes the successful implementation of a risk scoring system or the development of a methodology that ensures all scores are calculated according to that common standard
  • Limited buy-in or ownership from mid-level management and other employees outside the leadership ranks
  • Insubstantial or ineffective communication about risk posture companywide—from the bottom rungs of the org chart all the way to the board

The Future of Enterprise Risk Management

Knowing that managing enterprise risks is a critical need for their companies, CEOs are seeking simple, streamlined processes that accurately yield information about future risks and quantify known risks. 

The most effective ERMs address weaknesses in tracking/risk scoring systems and key risk indicator (KRI) development. In their ongoing battle to manage risk, most CEOs share ERM information with their Boards, and many with their managers, too.

To learn more, please download LogicGate’s report, Enterprise Risk and the Modern Organization: A View from the Top.
