Based on public disclosures of risk oversight practices, such as those mandated by the U.S. Securities and Exchange Commission (SEC), public companies are focusing more effort and attention on improving their risk management programs, especially those related to cybersecurity and technology risk. In fact, in a recent survey of more than 600 board members by New York Stock Exchange (NYSE) Governance Services, 39% of directors said they discussed cybersecurity at every meeting. Cybersecurity and technology risk ranked fourth as a topic discussed at all meetings — behind strategy, regulatory compliance and capital allocation. In addition, four out of 10 respondents reported their board has at least one director with cyber expertise, with an additional 7% in the process of recruiting one.
Gartner recommends an integrated risk management (IRM) approach that includes a focus on, and an understanding of, the interrelationships between cybersecurity, technology risk, digital risk and operational risk. Through IRM, security and risk management leaders can develop a comprehensive risk strategy that balances business performance against regulatory compliance requirements (see figure below).
Security and risk management leaders must quickly develop their risk management programs and methods for engaging with board members to keep pace with the board’s evolving risk management maturity and focus. The following seven activities will help to maximize the level of engagement with the board.
- Deliver IRM Reports at Every Board Meeting
- Define and Deploy Leading Risk Indicators
- Integrate Cybersecurity and Technology Risk With Broader Operational Risk
- Align Risk Management With Performance Management
- Articulate Risks Encountered Versus Authorized Risk Appetite
- Organize for Enterprise-wide Risk Identification and Accountability
- Use IRM Solutions to Inform Better Decision Making
Maintaining an effective dialogue with the board of directors is a must, especially as more companies experience greater losses associated with cyber attacks and digital risks. You can learn more through Gartner resources listed below.
Digital Risk Management Hub
Visit the Gartner Digital Risk Management Hub for complimentary research and webinars.
Gartner clients can read the full report titled How to Engage Your Board of Directors on IRM.