The RSA® Digital Risk Index
A risk assessment tool for organizations tackling digital transformation
Assess Your Digital Risk in Minutes
The RSA® Digital Risk Index
The RSA® Digital Risk Index
Are you struggling to gauge how much risk your organization faces from digital transformation?
Take our quick self-assessment, and in a matter of minutes, you'll have a much clearer understanding of your digital risk exposure.
The RSA Digital Risk Index walks you through a series of questions and asks you to evaluate your organization against a variety of digital risk factors. Based on your answers, the tool calculates your organization's exposure and highlights specific focus areas where you can take immediate action. Sound good? Then let's get started.
Want to learn more about how to use the RSA Digital Risk Index? Watch the demo.
| Progress: | ||||||||||||||||||||||||||||||
| Risk Factors | Risk Factors | Risk Factors | Capabilities | Capabilities | Results | |||||||||||||||||||||||||
Please evaluate your organization on a scale of 1 to 100 against the following digital risk factors:
Move the slider to the position that best describes your organization's geographic footprint. Does your organization operate from a...
| Single Country |
Multiple Countries in a Single Region |
Multiple Regions |
International |
(Hover over each option for an explanation.)
Move the slider to the position that best describes the extent to which your organization is bound to comply with local, national, international or industry regulations. (These may be financial regulations, security/privacy regulations, health and safety regulations, environmental regulations, etc.)
| Minimal | Moderate | Significant | Extreme |
Move the slider to the position that best describes the extent to which your organization's business operations and objectives depend on third parties.
| No Dependence | Minimal | Moderate | High |
Move the slider to the position that best describes your organization's business continuity and disaster recovery requirements.
| Minimal | Average | Signficant | Extremely High |
Move the slider to the position that best describes the complexity of your business. Consider the complexity of your organization's business model and strategy, the scope of the products and services your organization offers, its geographic scope, reliance on third parties, etc.
| Minimal | Moderate | Significant | Extremely Complex |
Move the slider to the position that best describes the complexity of your IT architecture. Consider, for example, the number of technical components it encompasses, the amount of processing power it requires, the size of your data sets, and the extent to which you're adding new technology to it.
| Minimal | Moderate | Significant | Extremely Complex |
Use the slider to indicate the number of endpoint devices (e.g., laptops, servers, workstations, and mobile and IoT devices) and users your IT organization needs to support. Consider both internal and external users.
| Small | Medium | Large | Extra Large |
Move the slider to the position that best describes the information technology your organization uses to run its business.
| Traditional Technology |
New Technology, Established Vendors |
Progressive | Cutting-Edge Technology from Startups |
(Hover over each option for an explanation.)
Move the slider to the position that best describes the type or range of data your organization handles (inclusive left to right).
| Internal | Confidential | Highly Proprietary | Regulated |
(Hover over each option for an explanation.)
Move the slider to the position that best indicates the extent to which your business uses cloud technology.
| No Use | Minimal | Moderate | Extensive |
Now we'd like to ask you a few quick questions about your organization's capabilities for managing digital risk. (We define digital risk as the new and often unexpected consequences of digital transformation, digital business practices and adoption of related technologies.) This won't take long. You'll have your results shortly.
On a scale of 1 to 100, please evaluate your organization's capabilities for managing the following areas of digital risk:
How would you describe your organization's core security capabilities including vulnerability management, security monitoring, and threat detection and response? Move the slider to the position that best describes your organization.
| Fragmented | Consistent | Defined | Measurable | Optimized |
(Hover over each option for an explanation.)
How would you describe your organization's capabilities around business continuity, disaster recovery and crisis management? Move the slider to the position that best describes your organization.
| Fragmented | Consistent | Defined | Measurable | Optimized |
(Hover over each option for an explanation.)
How would you describe your organization's data privacy controls, data access controls, and its processes for identifying and classifying data? Move the slider to the position that best describes your organization.
| Fragmented | Consistent | Defined | Measurable | Optimized |
(Hover over each option for an explanation.)
How would you describe your organization's processes for securing cloud infrastructure and assessing/managing related risks? Move the slider to the position that best describes your organization.
| Fragmented | Consistent | Defined | Measurable | Optimized |
(Hover over each option for an explanation.)
How would you describe your organization's processes for managing user access and identities? (We're talking all users, internal and external, whether they be employees, customers or third parties.) Move the slider to the position that best describes your organization.
| Fragmented | Consistent | Defined | Measurable | Optimized |
(Hover over each option for an explanation.)
How would you describe your organization's capabilities for identifying and managing risks related to third parties? Move the slider to the position that best describes your organization.
| Fragmented | Consistent | Defined | Measurable | Optimized |
(Hover over each option for an explanation.)
How would you describe your organization's capabilities for assessing and managing the risks associated with digitizing and automating manual business processes? Move the slider to the position that best describes your organization.
| Fragmented | Consistent | Defined | Measurable | Optimized |
(Hover over each option for an explanation.)
How would you describe your organization's capabilities for managing regulatory changes, testing compliance controls, and providing assurance reporting to regulators and auditors? Move the slider to the position that best describes your organization.
| Fragmented | Consistent | Defined | Measurable | Optimized |
(Hover over each option for an explanation.)
Results: Digital Risk Challenges
Your Score: Minimal
Companies with minimal challenges face fewer obstacles to managing digital risk due to the smaller size, scope and complexity of their businesses. To stay ahead of digital risk challenges, establish cost-effective practices that allow your organization to manage these risks proactively, with fewer resources.
Your Score: Moderate
Companies with moderate challenges face some obstacles in managing digital risk. To overcome these challenges, develop effective practices that reduce risk while balancing effort with return on investment.
Your Score: Significant
Companies with significant challenges face obstacles in managing digital risk due to various complexities in their businesses. To overcome these obstacles, focus on broad program elements that are effective, efficient and maintain a solid level of flexibility so your organization can adjust its controls based on changing risks.
Your Score: Serious
Companies with serious challenges face the most obstacles in managing digital risk due to the size, scope and complexity of their organizations. To overcome these obstacles, establish an extensible risk management program that takes into account your organization and industry's complicated and volatile risk landscape.
Your calculated risk for each area of digital risk:
| Cybersecurity | Business Resiliency | Data Governance and Privacy | Cloud |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
| Identity and Access Management | Third-Party Governance | Process Risk/ Operational Risk | Compliance |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
Results: Your Practices vs. Your Risk
The table below shows how your organization's digital risk management capabilities stack up against the various risk factors. The graph to your right highlights areas where your risk management practices may be misaligned with the overall potential risk your organization faces.
Your risk practices compared to your risk exposure:
| Practices | Risk | Results | |
|---|---|---|---|
| Cybersecurity | Cybersecurity | 0 | Something |
| Business Resiliency | Business Resiliency | 0 | |
| Data Governance and Privacy | Data Governance and Privacy | 0 | |
| Cloud | Cloud | 0 | |
| Identity and Access Management | Identity and Access Management | 0 | |
| Third-Party Governance | Third-Party Governance | 0 | |
| Process Risk/ Operational Risk | Process Risk/Operational Risk | 0 | |
| Compliance | Compliance | 0 |
Results: Digital Risk Factors
Your exposure to digital risk factors:
| Geographic Scope | Compliance Requirements |
|---|---|
| 0 | 0 |
| External Parties | Business Resiliency Requirements |
|---|---|
| 0 | 0 |
| Business Complexity | Technical Complexity |
|---|---|
| 0 | 0 |
| Device and User Footprint | Technology Profile |
|---|---|
| 0 | 0 |
| Data Profile | Cloud Usage |
|---|---|
| 0 | 0 |
Results: How Risk Factors Contribute
Impact of Risk Factors on Each Area of Digital Risk
The chart on the right illustrates the contribution that each of the 10 digital risk factors have on each of the eight areas of digital risk. It's basically a graphical representation of the formulas the Digital Risk Index uses to calculate each area of risk. Hover over the colors in the bars to see the weighting for each risk factor across the eight risk areas.
Digital Risk Index: Recommendations for You
We've identified the areas where your risk exposure is either significantly or moderately greater than your organization's current capabilities for handling it. We recommend starting your digital risk management journey by making one of these areas a priority. These resources will give you practical tips for addressing each area.
Congratulations! Your organization's risk management practices seem well-aligned to the exposure you face from digital risk. We recommend you continue to invest in these practices and continually evaluate your digital risk exposure. Remember: risks change as your business evolves, so risk management should be an active program and security should be a strong part of it. Return to the RSA Digital Risk Index if aspects of your digital risk management changes.
Cybersecurity
| Practices | Risk |
|---|---|
E-Book
A 4-Step Approach to Mitigating Business Risks from Cyber Attacks
Early detection and rapid response capabilities are essential to limiting the impact of a cyber attack. Learn what it takes to implement a truly coordinated response to cyber attacks across IT, security, risk management and business stakeholders.
Business Resiliency
| Practices | Risk |
|---|---|
E-Book
4 Steps to Coordinate Business Resiliency
Digital transformation confers organizations with new sources of competitive advantage, but it can also make them more susceptible to a wide variety of disruptions. Download the e-book to learn how to build resiliency across your business.
Data Governance and Privacy
| Practices | Risk |
|---|---|
Solution Brief
Helping Address Data Governance for GDPR with RSA
GDPR sets a high bar for data governance that many organizations would be wise to follow, regardless of whether they're bound to comply with the law. Download the solution brief to see how RSA supports strong data governance practices.
Cloud
| Practices | Risk |
|---|---|
Solution Brief
Securing Your Cloud Transformation
Mitigating the many risks associated with operating public, private or hybrid cloud environments requires a unified approach across IT, security and risk. See how RSA can help with third-party risk management and governance, authentication, and advanced threat detection.
Identity and Access Management
| Practices | Risk |
|---|---|
Solution Brief
Manage Dynamic Workforce Risk
IT and security teams have more user identities and points of access to manage across more locations than ever. Learn what it takes to manage the security and access risks created by today's dynamic workforce and see how RSA can help.
Third-Party Governance
| Practices | Risk |
|---|---|
E-Book
5 Tips for Managing Third-Party Risk
The more your organization depends on third parties, the more rigorously it needs to manage them and monitor the risks they create. This e-book breaks down the daunting task of third-party risk management into a series of eminently practical and sensible tips.
Process Risk/Operational Risk
| Practices | Risk |
|---|---|
White Paper
Risk Profiles of 5 Digital Operating Models
Are your organization's digital initiatives customer facing, aimed at reducing costs, or designed to automate manufacturing processes? Each type of initiative will present different risks. Read this white paper to understand which digital risks your organization will need to focus on.
Compliance
| Practices | Risk |
|---|---|
White Paper
Maturity Model for Compliance
This maturity model for regulatory and corporate compliance management describes the milestones an organization must meet as it transforms its compliance posture from reactive to proactive and risk-based.
Thanks for spending time with the Digital Risk Index. We invite you to download the following resources to deepen your understanding of digital risk.
White Paper
10 Factors Affecting Your Digital Risk Profile
This 3-page PDF describes each of the 10 digital risk factors you encountered in the Digital Risk Index. Download the paper to understand which factors and risks are likely to have the most impact on your business's digital initiatives.
White Paper
5 Risk Profiles of Digital Operating Models
The World Economic Forum defines five digital operating models transforming business today. Find out which of these models most closely mirror your organization's digital initiatives and learn about the risks associated with each model.