Organizations Look to Adopt Integrated IT GRC Solutions to Ward Off Cyberattacks, Survey Finds
IT GRC/Cybersecurity | 3 Min Read | 29 July 21 | by Hrishikesh Choudhari
Cyber risk has undoubtedly moved up the priority list and taken center stage in boardroom discussions as the rapid digital transformation of organizations has amplified data dependency and interconnectedness. The COVID-19 pandemic and the resulting remote working environment have only aggravated the challenges for security teams, as the entire workforce moved home—beyond the reach of the office firewall. In these unprecedented times, ensuring a robust cyber defense infrastructure to protect critical assets is of paramount importance.
We recently conducted a survey to take a pulse of the current state of IT and cyber risk management programs at organizations. Here are the key takeaways from the survey:
- Most survey respondents (45%) identified a lack of visibility on cyber risks across the enterprise as the major challenge faced by their organization.
- A majority of organizations (83%) still depend on basic office productivity software, knowledge management software, and point solutions for their cyber risk management requirements. The implementation of an integrated IT GRC solution is at a low level across industries.
- Only 28% of the respondents said that their organization's cyber risk and compliance program is fully aligned with the broader enterprise risk and compliance management programs.
- Most respondents (45%) said that they changed their plans and approaches to cyber risk and compliance management and reprioritized their activities to contend with the pandemic-driven new operational landscape, while 33% of the participants said they deployed new tools and systems to enhance their efficiency.
- 41% of the respondents said that they are going to implement specific solutions in FY 2021 to ensure compliance with regulatory requirements and standards.
- 30% of the respondents said that they are interested in implementing a centralized cyber risk and compliance solution.
It is encouraging to see that switching to digitized and centralized GRC solutions is among the top priorities of organizations this year. These solutions can help improve risk visibility and foresight, facilitate continuous monitoring of IT and cyber controls, and streamline overall cyber risk and compliance management. Innovative features, such as support for mobility, real-time reporting, advanced risk analytics, regulatory notifications, and more, further assist executive management and board in quick and efficient decision-making.
“The ultimate goal isn’t to avoid cyber risk but rather to transform it into strategic advantage—because things can and will inevitably go wrong at some point. But if organizations build their cyber resilience—the ability to not just prevent cyberattacks but also minimize the impact of security incidents and ensure continued business operations in the aftermath of attacks—that’s when they can truly thrive and create business value,” an excerpt from the report reads.
Cyber Risk to Dominate Risk Strategies
Our flagship event, GRC Summit, was held recently and brought together the best in the industry to share risk management strategies and best practices, and to discuss how to build better-governed, more risk-aware, compliant, and resilient enterprises that thrive on risk.
Unsurprisingly, cyber risk has emerged as one of the top risks faced by organizations today, and risk leaders believe that it will continue to dominate the risk strategies going forward. To that end, security experts discussed some of the key considerations for ensuring a robust cybersecurity program:
- Aligning cyber strategy with business goals and objectives.
- Positioning CISO and security leaders at the right level so that they can better focus on their core responsibilities.
- Ensuring that CISOs and the security team provide frequent updates on the cybersecurity posture to the board so that there is no communication gap.
- Quantifying cyber risks for prioritizing risks and controls and determining how much to spend on each control.
- Increasing transparency in employee communications so that employees have clarity not only on corporate policies but also on how a crisis is being managed.
The best-prepared organizations in the world today are those that use risk as their competitive advantage. Quantifying cyber risks in a manner that makes sense to the executive board and helps them make sound cybersecurity investment decisions is critical for organizations to thrive in today’s digital world. The Cyber Risk Quantification capability of MetricStream IT and Cyber Risk Management can make it considerably easier for organizations to quantify cyber risks in monetary terms, which can then be easily communicated to the top management and board.