Securing the Digital World

Driving Investment in Digital Risk Management

Jul 22, 2019 | by Heidi Bleau |

Every business across every vertical is undergoing some type of digital transformation. Whether it's deploying internal collaboration tools, automating business processes or launching new services to improve customer engagement, digital technology is the lynchpin for transformation. But in the process of adopting new digital technologies, organizations increase their exposure to a variety of new and unexpected digital risks.

There is no one technology that creates less risk than another. Today, all new technology creates some type of risk. The need to deliver value to customers, keep pace with competitors and modernize traditional systems puts pressure on organizations to accelerate both technology adoption and development. Consider how mobile apps have revolutionized digital business, cutting traditional development cycles from months, to weeks, and in some cases, even to days.

This shift has progressed for years, but it's accelerating as innovative technology floods the market and consumers pressure businesses to go digital. Through the process, organizations have been confronted by how to deal with the uncertainty of what security and risk challenges lie ahead, typically issues concerning data privacy, uptime and resiliency, preventing cyber attacks, and managing third-party risk.

To confront these challenges effectively, better coordination between security and risk management teams is a must. Equally critical: the work that security and risk teams are doing must be viewed as strategic at the highest levels of the company. For example, many security and risk professionals today find themselves in a reactive state of "headline management" because their organization's leadership focuses on avoiding a large-scale breach vs. understanding the factors that contributed to the story.

Even the most collaborative security and risk teams will not be effective if they are unable to speak the language of the C-suite, which is why some level of cyber risk quantification is essential. Banks and retailers understand this well because of one of the most prolific digital risks they face—fraud. Defining fraud management success is critical to getting executives to support investment decisions. For example, research sponsored by RSA on the topic found that the three KPIs that consistently mattered most to senior leadership, regardless of industry, were fraud losses, expenses, and the impact on customers.

Collaboration between security and risk management functions also encompasses working together to spark an enterprise-wide conversation around digital risk management. This means working with other functional executives and business unit leadership to understand their priorities and ensure the security strategy and posture of the business is properly aligned. These kinds of high-level, strategic conversations will also help security and risk management teams define digital risk management success according to the goals and initiatives that are most important to executives.

Ultimately, the winners in the age of digital transformation will be those organizations that are proactively addressing risk and effectively communicating the positive (or negative) impact on the business. When executives understand the strategic role that security and risk management play in helping an organization meet its objectives, it's much easier for CISOs and CROs to make the case for new investments. 

# # #

Hear tips and best practices from industry leaders about how they are managing digital risk in their organizations by joining our C-Level webinar series, "Demystifying Digital Risk."  Sign up today.

Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity