In my previous blog post, I utilized the analogy of a race car vs. an armored car to demonstrate the need for a “Risk First, Security Second” approach to cyber security for digital business. Well, never did I believe that someone would actually demonstrate this analogy in real life – until yesterday. As you will see in the video below, a gentleman by the name of Doug Demuro raced his Hummer (the closest thing to an armored car you will ever see on a race track) against a group of sports race cars.
As you would expect, the very safe and secure Hummer did not fare very well. In fact, it only made it around the track five times before its engine overheated. It simply could not sustain the high speed required to compete with the more agile, light-weight sports cars. It is the same with companies who maintain a “Security First” mindset. They weigh down their IT assets with so many controls, that they cannot sustain the high performance and agility required to meet stakeholder demands.
A “Risk First” approach is required to focus on the most critical risks that will impact a company’s ability to achieve the desired business objective. In this “real-life” analogy, winning the race is the desired objective and controls such as advanced braking systems are certainly more important than bullet-proof armor.
So, this now “real-life” analogy is crystal clear. To compete on the digital business race track, companies must adopt a “Risk First, Security Second” mindset. Learn more about managing digital risk at our upcoming Gartner Security & Risk Management Summits in locations across the globe. Hope to see you there!
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Category: cyber-risk cyber-security digital-risk enterprise-risk-management information-technology risk-management security-of-applications-and-data technology-and-emerging-trends
Tags: digital-business digital-risk-2 gartnersec information-security
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.