Securing the Digital World

Calling the Shots in Digital Risk Management

Oct 10, 2019 | by Heidi Bleau |

Sports is not just seasonal in my house but rather a year-round event.  Baseball, football and basketball consume the house between my two boys, sometimes overlapping seasons and even teams (travel, AAU, rec).  If you're a sports parent, you feel my pain. The one part of the perpetual sports season that I look forward to most is travel basketball for my younger son.  Last year, at only ten years old, his AAU team went undefeated, and his travel team won the state championship.

His position: he is the point guard.  For those of you not familiar with basketball, the point guard is the one who "calls the shots" on the court.  The point guard runs the offense, sets up the plays and makes decisions on the fly as to where the best scoring opportunity is.  This is where the importance of teamwork comes in because you must have solid, reliable players you can pass the ball to in order to maximize the scoring opportunities. 

Like a basketball point guard, organizations face similar challenges when it comes to managing digital risk.  The first, and most important, question to answer is, "Who owns it?"  Is it the CEO, CIO, CISO, CRO or someone else?  This seems like it would be the easiest question to answer, but it is surprisingly not that obvious. 

Digital risk management is a true team sport in business, if there ever was one.  It is a multi-faceted mission that involves several operational functions within an organization which has made it difficult to answer the question of ownership.  According to the RSA® Digital Risk Report, the functions with the most involvement today in setting an organization's digital risk strategy are IT, security and risk management, although numerous other functions play a key role including compliance, operations, finance, and legal.

Recognizing the complexity of managing digital risk, industry analysts have called for the creation of a new role, the Chief Digital Risk Officer (CDRO) whose goal is to craft the mindset that digital risk is not a technology/IT problem, but a business problem that must be embraced by multiple enterprise teams.  The CDRO is like the point guard in basketball; she or he owns digital risk but relies on a functional team across IT, security, risk, finance and others to be successful.  An article by Raconteur notes, "While there are more than 2,000 people worldwide with the 'chief risk officer' title, a LinkedIn search (in late 2018) still turns up just a handful of CDROs."

Once ownership is established, there is still the question of who determines digital risk (the answer is shockingly small but you'll have to attend our upcoming webinar to find out the answer) and how to quantify it in a meaningful way.  Not easy shots to call.

Taking on digital transformation and the associated risks is not like taking an easy layup but rather attempting a fadeaway shot behind the three-point line with five seconds to spare to win the game.  And having a point guard to own it will be critical to success.

# # #

Join leading analyst from Ovum Consulting, Maxine Holt, and RSA on October 15 for a discussion on digital risk. Based off extensive research conducted by Ovum, on behalf of RSA, find out who is taking the lead on digital risk management, how organizations are quantifying it and get recommendations for how to start tackling it head on.

Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity.