
Gartner: Security leaders must balance risk, trust and opportunity

Security and risk leaders must focus on balancing risk, trust and opportunity to help maintain the ability of their organisations to function as a trusted participant in the digital economy, according to Gartner.

“Through the first half of 2020, defining risk appetite has become even more of a challenge for security leaders,” says Jeffrey Wheatman, research vice president at Gartner and conference chair. 

“The ability to communicate the real impacts of change and chaos, or in other words to achieve just the right level of balance, is critical to working with business stakeholders on setting and managing organisational risk appetite and capitalising on opportunity,” he explains.

Wheatman says through the COVID-19 pandemic, security has been essential.

“During the initial response phase, security and risk teams identified new and amplified risks, assigned resources and shifted investments to meet business initiatives,” he says.

“Now that organisations have made their initial technology investments, chief information security officers (CISOs) and risk leaders have the opportunity to strengthen their organisations as they move through the recover and renew phases. 

“For security teams, the recover phase is an opportunity to detect and mitigate new risks that may appear as a result of the initial response.”

Wheatman says the pandemic has also reinforced the critical need for security programs that are agile enough to react to minor and major extraneous shocks. As enterprises manage through the recovery and renewal phases, they must reengineer their programs to achieve this agility.

A recent Gartner survey found that 90% of CISOs believe that digital business will create new types and new levels of risk. However, 70% of respondents said that investment in risk management is not keeping up with these new higher levels of risk. 

Taken together, these findings offer a huge opportunity for security and risk leaders, Gartner says.

“Business executives continue to focus on security as a strategic initiative. Organisations are exploring how technology can help them transform their operating models,” says Wheatman.

“This means that security and risk professionals have a fundamental role to play in helping their organisations through this transformation while avoiding unnecessary risk,” he says.

“Security and risk leaders have a unique ability to give business leaders the insights and tools to help them balance risk with the potential opportunity of digital transformation.”

Wheatman says the accelerated adoption of digital transformation means that interacting with clients and citizens will highlight the potential need for establishing dedicated digital trust and safety teams in enterprises. 

"These teams are tasked with assessing and managing the risks resulting from the ever-growing number of touch points and the need to address a strategic view of customer risk and harm reduction."

According to Gartner, finding the right balance between the business need to grab new opportunities to gain competitive advantage and the need to develop appropriate security policies that mitigate the prioritised business risks must be a key focus area for security and risk leaders through 2021.

“Once the chaos of the recovery begins to settle down, enterprises will experience the real new normal. In this phase, the future starts to become more plannable,” says Wheatman. 

“This renew phase offers security and risk leaders a great opportunity to support their businesses' objectives while being more proactive in identifying and managing risk and providing the resilience to move forward.”
