Are your board members and senior executives concerned about the risk of a major data breach or targeted cyber-attack? Chances are very good that they are alarmed by all of the bad press, misinformation, and general hysteria over IT risks and their potential to wreak havoc on a company’s business operations. This creates an overriding focus on what Gartner analysts typically label as FUD – fear, uncertainty and doubt. While some of this concern may be warranted and can serve to heighten the profile of IT risk and security professionals, it can obfuscate the real risks that have a more direct impact on a company.
According to our recently published 2013 Global Risk Management Survey, 54% of boards are not effectively utilizing risk management data to inform their decision making. So, what is informing their decision making? FUD, of course. However, focusing on FUD generally leads to an over-emphasis on IT risks that may have a limited impact on your business. It also typically leads to highly reactionary, emotion-driven decisions that are usually very costly and not all that effective.
How do you avoid this FUD trap? The best way is to focus squarely on the uncertainty around achieving your own company’s strategic objectives and desired business outcomes. Using key risk indicators that are linked to corporate performance targets will lead to more proactive, data-driven decision making. Gartner’s Risk-Adjusted Value Management (RVM) methodology and Business Risk Model will help strengthen your company’s use of risk data. As a result, the associated fear and doubt will dissipate and the focus will remain on what is most important – making the business successful.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.