Business Risk – What are Industry Analysts Saying?



Business risk comes up a lot in business and technical articles on the web, especially regarding cybersecurity risk, as the threats are significant and very disruptive. Being hit with a devastating ransomware attack will disrupt day-to-day operations and impact revenue-generating activities. Depending on the severity of the attack and how long it takes to recover, the costs associated with a ransomware attack can run into millions of dollars even if the organisation does not pay a ransom to cybercriminals.

Other cyber attacks can also impact a business and pose risks that need to be planned for and mitigated. Common examples are data breaches of sensitive or commercially important information. These lead to reputational damage, and increasingly financial penalties from regulators in various territories.

Reputational damage can also come from bad actors impersonating your business identity via phishing or spear phishing attacks against prominent figures. 

Industry Analysts on Business Risk


Gartner’s View on Business Risk

Unsurprisingly, Gartner and their analyst teams have a lot to say about business risk in general and cyber risk specifically. They define both Risk Management and Risk Identification in their glossary. The latter definition includes the text:

“Risk identification (RI) is a set of activities that detect, describe and catalog all potential risks to assets and processes that could negatively impact business outcomes in terms of performance, quality, damage, loss or reputation.”

During their September 2023 Security & Risk Management Summit in London, Gartner issued a press release that estimates a 14% increase in security and risk management spending next year, and that security services would comprise 42% of the spend.

The London summit was the latest iteration of an event that Gartner holds several times each year in different global cities. The London event was spread over three days and included presentation sessions and panels covering topics relevant to cybersecurity. You can read a synopsis of each day’s sessions and the key takeaways from each via the links below.

Day 1 summary page at

Day 2 summary page at

Day 3 summary page at



      McKinsey & Company: What is business risk?

      McKinsey recently published an interesting article on the Featured Insights section of their site. The August 2023 article is titled: What is business risk? 

      The article explains what business risk is and how it affects organisations. It defines business risk as any potential harm or negative impact that can occur while running a business. There is a dedicated section discussing cyber risk and one on how to use a risk-based cybersecurity approach.

      The McKinsey article highlights that understanding and managing business risk is crucial for organisations that want sustainable growth and success. It provides insights into other types of risks, such as market, credit, liquidity, and legal risks, that may be useful to anyone unfamiliar with these areas. The article concludes by emphasising the importance of developing a robust risk management framework to proactively identify and mitigate potential risks.



      UK National Cyber Security Centre Risk Management Guidance

      Speaking of risk management, as the McKinsey article does, the UK National Cyber Security Centre (NCSC) has an excellent and comprehensive resource on the topic. The advice it contains is not UK-specific and will be useful to any organisation looking to manage its cyber risk. Quoting from the introduction:

      “This guidance is primarily aimed at cyber security risk practitioners who help their organisations understand and make decisions about cyber security risks. It will also be helpful to people who want to set up an effective cyber security risk management function within their organisation for the first time (or those seeking to improve existing functions).”

      The guidance has 15 sections that cover topics such as –

      • The fundamentals and basics of cyber risk
      • A framework for managing cyber security risk
      • Cyber security governance
      • A basic cyber risk assessment, analysis, and management method
      • Introducing cyber security risk quantification

      It’s a valuable resource. The introduction and entry page is at


      Final Thoughts

      There is a lot of useful information available on the topic of business risk and the cyber aspects of risk. I’ve highlighted three here. Let me know what you think and any resources you find helpful in the comments below or directly via LinkedIn.

      As always, Halodata is here to help your organisation assess, quantify, and mitigate your cyber risk. We have the industry contacts, partners, vendors, and internal expertise to ensure that any organisation can get optimal cybersecurity protection, no matter where on the cybersecurity journey your organisation is. Talk to the Halodata team today to find out more.
