In the current uncertain environment, security and risk leaders must focus on balancing risk, trust and opportunity to help maintain the ability of their organizations to function as a trusted participant in the digital economy, according to Gartner.
“Through the first half of 2020, defining risk appetite has become even more of a challenge for security leaders,” said Jeffrey Wheatman, research vice president at Gartner and conference chair. “The ability to communicate the real impacts of change and chaos, or in other words to achieve just the right level of balance, is critical to working with business stakeholders on setting and managing organizational risk appetite and capitalizing on opportunity.”
“Through the COVID-19 pandemic, security has been essential. During the initial response phase, security and risk teams identified new and amplified risks, assigned resources and shifted investments to meet business initiatives,” said Wheatman. “Now that organizations have made their initial technology investments, chief information security officers (CISOs) and risk leaders have the opportunity to strengthen their organizations as they move through the recover and renew phases. For security teams, the recover phase is an opportunity to detect and mitigate new risks that may appear as a result of the initial response.”
The pandemic has also reinforced the critical need for security programs that are agile enough to react to minor and major extraneous shocks. As enterprises manage through the recovery and renewal phases, they must reengineer their programs to achieve this agility.
A recent Gartner survey found that 90% of CISOs believe that digital business will create new types and new levels of risk. However, 70% of respondents said that investment in risk management is not keeping up with these new higher levels of risk. Combined, these findings offer a huge opportunity for security and risk leaders.
“Business executives continue to focus on security as a strategic initiative. Organizations are exploring how technology can help them transform their operating models. This means that security and risk professionals have a fundamental role to play in helping their organizations through this transformation while avoiding unnecessary risk,” said Wheatman. “Security and risk leaders have a unique ability to give business leaders the insights and tools to help them balance risk with the potential opportunity of digital transformation.”
The accelerated adoption of digital transformation means that interacting with clients and citizens will highlight the potential need for establishing dedicated digital trust and safety teams in enterprises. These teams are tasked with assessing and managing the risks resulting from the ever-growing number of touch points and the need to address a strategic view of customer risk and harm reduction.
Finding the right balance between the business need to grab new opportunities to gain competitive advantage and the need to develop appropriate security policies that mitigate the prioritized business risks must be a key focus area for security and risk leaders through 2021.
“Once the chaos of the recovery begins to settle down, enterprises will experience the real new normal. In this phase, the future starts to become more plannable,” said Wheatman. “This renew phase offers security and risk leaders a great opportunity to support their businesses' objectives while being more proactive in identifying and managing risk and providing the resilience to move forward.”