Gartner advised security and risk executives to focus on balancing risk, trust, and opportunity to help their organizations function as a trusted participant in the digital economy, especially in the current uncertain environment. Jeffrey Wheatman, vice president of research at Gartner, noted that defining risk appetite has become more difficult for security officials in the first half of 2020.
“The ability to communicate the real impacts of change and chaos, or in other words achieving the right level of balance, is essential for working with business stakeholders on defining and managing the ‘appetite for organizational risk and capitalization of opportunities,’” said Wheatman.
During the COVID-19 pandemic, security has been key, with security and risk management teams identifying new and amplified risks, allocating resources, and redirecting investments to respond to business initiatives during the initial phase.
“Now that organizations have made their initial technology investments, Information Security Officers (CISOs) and Risk Managers have the opportunity to strengthen their organizations throughout the recovery and renewal phases. For security teams, the recovery phase is an opportunity to detect and mitigate new risks that may emerge as a result of the initial response,” said Wheatman.
The pandemic has also reinforced the need for security programs capable of responding to minor and major external shocks. As companies manage the recovery and renewal phases, they need to reorganize their programs to achieve this agility.
A recent Gartner survey found that 90% of CISOs believe digital activities will create new types and levels of risk. However, 70% of respondents said investing in risk management does not keep up with these new, higher levels of risk. These results provide an opportunity for security and risk managers. Business leaders continue to focus on security as a strategic initiative, with organizations exploring how technology can help them transform their operating models. Wheatman notes that as a result, security and risk professionals play a fundamental role in helping their organizations navigate this transformation while avoiding unnecessary risk.
“Security and risk managers have a unique ability to give business leaders the information and tools to help them balance risk with the potential opportunity of digital transformation,” said Wheatman.
The accelerated adoption of digital transformation means that interaction with customers and citizens requires the establishment of teams dedicated to digital trust and security in enterprises. These teams can assess and manage the risks resulting from the growing number of touchpoints and the need to address a strategic view of customer risk and risk reduction.
Security and risk managers should also focus on finding the right balance between seizing new opportunities to help companies gain a competitive advantage and developing appropriate security policies that mitigate priority business risks. Wheatman noted that once the chaos of the recovery period begins to set in, businesses will experience the real new normal, in which the future becomes more predictable.
“This renewal phase offers security and risk managers a great opportunity to support their business goals while being more proactive in identifying and managing risk and providing the resilience to move forward,” Wheatman said.