Without a Solid Foundation, Risk Management Is Doomed

This week, I’m in Sydney at our 2015 Gartner Security & Risk Management Summit speaking about Integrated Risk Management Solution (IRMS) strategies. Many companies are looking to RMS technology to enable their cyber risk management programs, particularly in Australia. For example, the Australian Securities & Investments Commission (ASIC) published guidance earlier this year for its regulated entities to bolster their cyber risk management practices. Here’s how ASIC describes the purpose of the guidance:

“It is intended to help our regulated population improve their cyber resilience by increasing their awareness of cyber risks, encouraging collaboration between industry and government, and identifying opportunities for them to improve their cyber resilience. It also aims to identify how cyber risks should be addressed as part of current legal and compliance obligations that are relevant to ASIC’s jurisdiction.”

To undertake this guidance, Australian companies will most certainly look to IRMS to help. However, based on our numerous client interactions, it is clear that many firms are either investing in IRMS before they have designed their risk management program or simply “cherry picking” solutions for specific risk management needs with no clear IRMS strategy. In both cases, the result is a weak or non-existent IRMS software platform that cannot produce a comprehensive understanding of an enterprise’s cyber risk profile.

So, how can companies create a solid foundation for IRMS? I will be exploring the Market Guide report plus our Magic Quadrant for Operational Risk Management with our Sydney Summit attendees this week. I’m sure we will be discussing the implications for meeting the ASIC guidance with IRMS technology. I’m looking forward to hearing how Australian companies are addressing these challenges to become more resilient.