Security and risk leaders must focus on balancing risk, trust and opportunity to help maintain the ability of their organisations to function as a trusted participant in the digital economy, according to Gartner.
“Through the first half of 2020, defining risk appetite has become even more of a challenge for security leaders,” says Jeffrey Wheatman, research vice president at Gartner and conference chair.
“The ability to communicate the real impacts of change and chaos, or in other words to achieve just the right level of balance, is critical to working with business stakeholders on setting and managing organisational risk appetite and capitalising on opportunity,” he explains.
Wheatman says security has been essential throughout the COVID-19 pandemic.
“During the initial response phase, security and risk teams identified new and amplified risks, assigned resources and shifted investments to meet business initiatives,” he says.
“Now that organisations have made their initial technology investments, chief information security officers (CISOs) and risk leaders have the opportunity to strengthen their organisations as they move through the recover and renew phases.
“For security teams, the recover phase is an opportunity to detect and mitigate new risks that may appear as a result of the initial response.”
Wheatman says the pandemic has also reinforced the critical need for security programs that are agile enough to react to minor and major extraneous shocks. As enterprises manage through the recovery and renewal phases, they must reengineer their programs to achieve this agility.
A recent Gartner survey found that 90% of CISOs believe that digital business will create new types and new levels of risk. However, 70% of respondents said that investment in risk management is not keeping up with these new higher levels of risk.
Combined, these findings offer a huge opportunity for security and risk leaders, Gartner says.
“Business executives continue to focus on security as a strategic initiative. Organisations are exploring how technology can help them transform their operating models,” says Wheatman.
“This means that security and risk professionals have a fundamental role to play in helping their organisations through this transformation while avoiding unnecessary risk,” he says.
“Security and risk leaders have a unique ability to give business leaders the insights and tools to help them balance risk with the potential opportunity of digital transformation.”
Wheatman says the accelerated adoption of digital transformation means that interacting with clients and citizens will highlight the potential need for establishing dedicated digital trust and safety teams in enterprises.
“These teams are tasked with assessing and managing the risks resulting from the ever-growing number of touch points and the need to address a strategic view of customer risk and harm reduction.”
According to Gartner, finding the right balance between the business need to grab new opportunities to gain competitive advantage and the need to develop appropriate security policies that mitigate the prioritised business risks must be a key focus area for security and risk leaders through 2021.
“Once the chaos of the recovery begins to settle down, enterprises will experience the real new normal. In this phase, the future starts to become more plannable,” says Wheatman.
“This renew phase offers security and risk leaders a great opportunity to support their businesses' objectives while being more proactive in identifying and managing risk and providing the resilience to move forward.”