In the last few weeks, several global shipping ports have been targeted with major cyber attacks. Ports in San Diego, California and Barcelona, Spain experienced significant business disruption as a result of ransomware. Land operations such as loading/unloading of boats as well as other related business services were halted for days while the technology groups worked to remedy the situation. These types of events are increasing in frequency and the resulting impacts are growing in severity. So, how can these emerging risks be managed to limit the amount of business disruption?
Gartner recommends an integrated risk management (IRM) approach that links the strategic focus of enterprise risk management (ERM) programs with the tactical steps necessary to secure the most relevant business assets. ERM programs typically are effective for companies looking to better understand their strategic risks (particularly their financial and reputational risks that can result in catastrophic business failure). However, ERM programs are not as effective at addressing risks at lower levels that can have an equally devastating impact. In my thousands of Gartner client interactions over the past seven years, I’ve found that ERM programs are great at providing a broad, horizontal view of performance/strategic, financial and reputational risks across an organization. What the programs lack is the ability to provide a vertically integrated view of risk that spans business operations (see figure below).
This vertically integrated view of risk should include the full scope of operational risks deep into the organization – including HR, legal/compliance and technology. Of even greater importance is the ability to assess technology risks in a business context to allow for more effective management of cyber security and technology resilience. Without the higher-level business context, many organizations are blindly chasing after security threats and patching vulnerabilities that may or may not result in significant business disruption. If your company faces this challenge, consider improving your ERM program by deploying IRM technology solutions to better manage your emerging risks.
Read more about IRM technology solution providers in our latest “Magic Quadrant for Integrated Risk Management” (Gartner subscription required) or access IRM customer reviews for free at Gartner Peer Insights. Also, if you are interested in developing a strategic plan for ERM that includes an integrated risk management approach, read our latest e-book “How to Build a Successful Strategic Plan for Risk” for free.