Gartner Blog Network


To Finish First in Digital Business, Security Must Be Second

by John A. Wheeler  |  May 19, 2015  |  7 Comments

This weekend, the famous Indianapolis 500 will be run for the 99th time with a slate of more than 30 race cars competing to win the “Greatest Spectacle in Racing”. The run-up to this event reminds me of the current state of digital business – teams of individuals working together to optimize their business operations for a grueling, yet fast-paced competition at the highest level. Without a doubt, in the Indy 500 and in digital business, risk is at the forefront of everyone’s mind. The primary difference between the two is that the car race, unlike digital business, is a life or death proposition.

However, many businesses today are ill-equipped for the new world of digital business because they view it like car racing – a life or death proposition. They are frightened by the latest high-profile, devastating cyber attacks – Sony, Anthem, Target, et al. So, their entry in the “Digital Business 500” looks much like an armored car – very secure and safe, yet low on performance.

CEOs are demanding more. In fact, in our 2015 CEO Survey: Committing to Digital, 83% of CEOs consider “agility” most important relative to risk management, 77% expect new types and higher levels of digital risk, and 65% believe risk management is lagging in investment and maturity. To win the “Digital Business 500”, CEOs realize that they need a business that looks like an Indy Car – high on performance and fine-tuned by highly trained professionals to be safe and secure.

At our upcoming Gartner Security & Risk Management Summit, my colleagues Peter Firstbrook, Avivah Litan and Ant Allan will kick off the event with a keynote highlighting the need for a “Risk First, Security Second” approach. Much like a racing team, risk and security management pros must first understand the risks before treating them. By taking a “Security First” approach, they may have a very secure and safe business, but not one designed for the race conditions they are facing in digital business.

In fact, with this notion in mind, I think our Summit is inappropriately named. It should be more aptly named the Gartner RISK & Security Management Summit. Whatever the name, it will be a great event with more than 2,500 RISK and security management pros in attendance. Hope to see you there!

 


John A. Wheeler
Global Research Leader - Risk Management Technology
8 years at Gartner
30 years IT Industry

John A. Wheeler is global research leader for risk management technology solutions and professional services. His areas of specialty include integrated risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler.


Thoughts on To Finish First in Digital Business, Security Must Be Second


  1. […] the pace of business has increased, businesses are demanding more of IT. Gartner research director John Wheeler identified the problem[6]: “[IT is] frightened by the latest high-profile, devastating cyber attacks – Sony, […]

  2. […] my previous blog post, I utilized the analogy of a race car vs. an armored car to demonstrate the need for a “Risk […]

  3. […] comprehensive situational awareness of security and risk management status across organizations. In a second blog, Gartner analysts argue for a “Risk First, Security Second” approach under which risk and […]

  4. Rajesh Kulandaivadivelu says:

    Why did those companies (Anthem, Target, et al) then fail or lose the race, you think? Or for that matter, the big Banks that collapsed and caused a recession? It’s because they viewed the Business as an Indy race and went with a Risk first approach, didn’t they?

    • John A. Wheeler says:

      Thanks for the comment. My view is that the companies you mention were simply racing without a “restrictor plate” on their engine. As a result, they were racing at ever-higher speeds which ultimately led to their crash.

  5. Ken Hawrylak says:

    Very interesting analogy, I’ve always followed the risk first, security second in all of my projects as nothing is ever 100% secure.

    If a threat is so minuscule, is there a reason to throw the armoured truck at it? Or is there a more efficient, faster way of mitigating that threat? These questions must be answered before implementation of any administrative, logical or physical systems.





Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.