Data breaches are a constant worry for most organizations, although a new study from the Ponemon Institute has shown that while the theft of data is a concern, it is the fallout from poor risk management that is the biggest worry. The biggest fear is not loss of data but loss of reputation.
The study, which was sponsored by RiskVision, was conducted on 641 professionals involved in risk management at their respective organizations. When asked about their biggest fears from poor risk management, 63% said reputation damage. Security breaches only ranked in second place along with business disruption, jointly cited as a major concern by 51% of respondents.
Damage to a brand is almost certain to happen after a data breach is experienced or intellectual property is stolen. While it is usually possible to recover from a data breach, loss of reputation is harder to resolve. Stock market prices can tumble and companies may find recovery incredibly difficult. Reputation loss in extreme cases can prove catastrophic.
These fears have prompted many organizations to develop a risk management plan as well as a data breach response plan. Only 24% of organizations surveyed said they had a clearly defined risk management strategy while a third said their strategy wasn’t clearly defined. Of those that did have a strategy in place, just 37% said it was very effective.
Risk management planning is a complex process and there are many barriers that companies can face when developing their strategies. All too often, there is a lack of collaboration between different departments involved in risk management planning. 53% of respondents said collaboration problems had hampered their risk management efforts.
Companies also face strict budgetary restrictions with many companies admitting to not allocating any funds for risk management. More than half of respondents (52%) said that they did not have a formal budget for risk management. 43% of respondents said they were struggling to get started and many were unsure what the best approach to risk modelling was. The complexity of the task was a problem for 44% of respondents and 44% said they were hampered by a lack of resources.
Fortunately, organizations are realizing the benefits of effective risk management and are developing strategies to manage risk and deal with security breaches when they occur. When RiskVision conducted the survey 18 months ago, 21% of businesses said they measured risk in real-time, while this year the figure has jumped to 32%. The amount of money that will be committed to risk management is also increasing at the majority of organizations. 58% of those surveyed said they planned to spend between $1 million and $5 million on managing risk over the next financial year.