Gartner Blog Network

Recent Cyber Attacks Demonstrate Why IRM is Critical for ERM Success

by John A. Wheeler  |  October 12, 2018

In the last few weeks, several global shipping ports have been targeted with major cyber attacks. Ports in San Diego, California and Barcelona, Spain experienced significant business disruption as a result of ransomware. Land operations such as loading/unloading of boats as well as other related business services were halted for days while the technology groups worked to remedy the situation. These types of events are increasing in frequency and the resulting impacts are growing in severity. So, how can these emerging risks be managed to limit the amount of business disruption?

Gartner recommends an integrated risk management (IRM) approach that links the strategic focus of enterprise risk management (ERM) programs with the tactical steps necessary to secure the most relevant business assets. ERM programs typically are effective for companies looking to better understand their strategic risks (particularly their financial and reputational risks that can result in catastrophic business failure). However, ERM programs are not as effective at addressing risks at lower levels that can have an equally devastating impact. In my thousands of Gartner client interactions over the past seven years, I’ve found that ERM programs are great at providing a broad, horizontal view of performance/strategic, financial and reputational risks across an organization. What the programs lack is the ability to provide a vertically integrated view of risk that spans business operations (see figure below).


This vertically integrated view of risk should include the full scope of operational risks deep into the organization – including HR, legal/compliance and technology. Of even greater importance is the ability to assess technology risks in a business context to allow for more effective management of cyber security and technology resilience. Without the higher-level business context, many organizations are blindly chasing after security threats and patching vulnerabilities that may or may not result in significant business disruption. If your company faces this challenge, consider improving your ERM program by deploying IRM technology solutions to better manage your emerging risks.

Read more about IRM technology solution providers in our latest “Magic Quadrant for Integrated Risk Management” (Gartner subscription required) or access IRM customer reviews for free at Gartner Peer Insights. Also, if you are interested in developing a strategic plan for ERM that includes an integrated risk management approach, read our latest e-book “How to Build a Successful Strategic Plan for Risk” for free.



John A. Wheeler
Global Research Leader - Risk Management Technology
9 years at Gartner
30 years IT Industry

John A. Wheeler is global research leader for risk management technology solutions and professional services. His areas of specialty include integrated risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler.


Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.