Blog post

Are Companies Really Worried About Digital Risk?

By John A. Wheeler | December 23, 2014 | 1 Comment

Tech and Service ProvidersSecurity and Risk Management LeadersRisk ManagementOperational risk managementIT risk managementIRMintegrated risk managementInformation technologyGRCEnterprise risk managementDigital riskCyber securityAudit and Risk

As the dust begins to settle on the Sony Pictures Entertainment data breach, we continue to see major threats to corporate digital assets become reality. And they are growing in both size and impact on corporations, well beyond customer personally identifiable information (PII). In Sony Pictures’ case, the breach extended to the very digital assets it produces. So, one has to wonder, are other companies really worried about digital risk?

Well, based on some recent survey data, I’d have to say – yes, they are worried. In fact, several weeks ago, I published an analysis of our annual Gartner IT Risk Management Survey and it contains some telling results. It showed that demands from board members and senior executives for IT risk management data increased dramatically in the past year. In 2013, only 46% of survey respondents noted that IT risk management data influenced board level decision making. However, in 2014, that percentage rose to a whopping 70% (see figure below).

Source: Gartner (October 2014)

Our research is not alone. Boston Consulting Group also reports that 2014 has seen an increase of 126% in cyber attacks reported by companies, an increase of 83% in references to digital asset security in top broker research and an increase of 9% in worldwide spending in IT security.

So, the challenge for companies now is how to equip themselves for future threats and protect their most vital digital assets. That is also what the focus of our risk management research at Gartner is designed to address. In 2015, we will be investigating how companies are evolving their IT risk management programs to better manage these growing digital risks.

To learn more, visit or click here to access more of my latest research.

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed

1 Comment

  • Barry Schrager says:

    It’s good to see the rise in Board and Executive concerns But are they engaging outside experts for real security reviews? That is a crucial first step.