Light Dark
February 6, 2017 By Mark Samuels 2 min read

Organizations primarily fear potential reputational and brand damage rather than a security breach itself. Still, many businesses lack a risk management strategy to abate those fears.

According to a Ponemon Institute survey sponsored by RiskVision, 76 percent of businesses lack a holistic approach to risk. The report also suggested that organizations are concerned about the long-term brand damage that results from a breach.

Negative Headlines Keep Executives Awake

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said the results of the survey highlight organizations’ growing desire to understand their risk exposure. The requirement to comprehend risk, he said, has been prompted by an increasing number of high-profile data incidents and the resultant negative headlines.

While security incidents are expensive to remediate, the costs associated with reputational damage can be even greater. That explains why 63 percent of executives are primarily concerned about negative brand impact, while 51 percent are more worried about a security breach, according to the report.

Survey respondents were also notably concerned about business disruption (51 percent) and intellectual property loss (37 percent).

A Disconnect Between Theory and Practice

The research highlighted how growing fears around brand reputation and security breaches are helping to create a new executive-level focus on risk. As many as 82 percent of organizations indicated that risk management is now either a “significant” or “very significant” commitment.

However, a maturing risk program is no guarantee of success. The survey illustrated a separation between the theory of risk management strategy and on-the-ground implementation: Just 14 percent of executives indicated that their business have an effective risk management strategy.

Furthermore, 52 percent of organizations do not have a formal budget for enterprise risk management. This lack of resources is a significant impediment to controlling risk, according to 44 percent of respondents. The same number cited complexity as a challenge in this area, while 43 percent struggled to get started.

Senior Executives Must Take Risk Management Seriously

Joe Fantuzzi, CEO of RiskVision, said organizations must start to invest in risk measurement and analysis. He noted that more than two-thirds of business do not rate assets based on criticality or use metrics to assess risk management effectiveness.

The good news, according to Dark Reading, is that executives are waking up to the need for effective measurement. Just 21 percent of companies analyzed risk in real-time 18 months ago. Today, that figure stands at 32 percent. Gartner also noted an increased demand for risk management technologies.

Executives are increasingly waking up to the importance of a risk management strategy, but they must ensure their approach is more than simple lip service. Business leaders should create an all-encompassing strategy that focuses on measurement and action.

 |  |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature