Light Dark
June 27, 2018 By Paula Musich 2 min read
Data Protection
Risk Management

Although it’s quickly fading in the rearview mirror, the April 2018 RSA Conference underscored growing interest in a more disciplined style of cyber risk management that mirrors traditional business risk management.

There was plenty of buzz at the conference around blockchain, machine learning, cyber warfare — and the imminent implementation of the General Data Protection Regulation (GDPR). However, the major theme of the event centered around the management of cyber risks.

Speak the Language of Business Risk

For many IT security practitioners, cyber risk management is a double-edged sword. It stimulates greater educational opportunities to help security professionals translate technical jargon into the language of business risk, which the C-suite and board of directors can more easily understand. This increased attention can also unleash a cacophony of competing marketing messages from different vendors — further muddying the waters and creating more confusion.

The conference also highlighted the fact that security is indeed a board-level issue. The president of the RSA, Rohit Ghai, referenced a survey in his keynote which revealed that 89 percent of respondents from the National Association of Corporate Directors (NACD) said they discuss cybersecurity on a regular basis. (This is up from 40 percent in 2012.)

Ghai also touched on the important role of collaboration in managing cyber risks. These decisions must involve multiple stakeholders, including security practitioners, risk teams, policymakers, IT leaders and even users. In the high-stakes world of cybersecurity, top executives bear personal accountability for major data breaches.

Improve Risk Management to Defend Critical Data

The 2018 RSA Conference also saw a solid lineup of sessions and workshops designed to educate security professionals on how to get a better handle on cyber risks. What was the key takeaway from these sessions? Organizations must focus on finding and protecting their crown jewels. According to Ghai, that is the only asymmetric advantage that enterprises have.

Related: Data Risk Management in 2018: What to Look for and How to Prepare

It’s more important than ever to apply and appropriately disseminate formal risk management processes for evaluating information assets and the vulnerabilities that threaten to compromise them. If this information is not managed and presented to each level of management — up to and including the board of directors — there is no way to determine how much money to apply to make the proper decisions to combat high risk. For example, there’s no point in spending $100,000 to mitigate a potential $50,000 loss.

To identify and properly protect the enterprise’s crown jewels, the data risk management plan must include repeatable processes to identify those critical assets, understand the value they represent and describe how their associated risk should be managed. This strategy requires IT, lines of business and security teams to align in the way they prioritize these risks. By making risk the common language across those groups, organizations can more effectively assign accountability and ensure the security and privacy of the enterprise’s most critical data.

In the age of data sprawl, sophisticated and resourceful cyber adversaries — and the increasing cost of a data breach — risk management can be a highly effective weapon in the fight to protect enterprise assets.

Read the white paper: Data Risk Management in 2018 — What to Look for and How to Prepare

 |  |  |  |  |  |  |  |  | 
Paula Musich
Research Director

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature