Business Risk – What are Industry Analysts Saying?
Business risk comes up a lot in business and technical articles on the web, especially regarding cybersecurity risk, as the threats are significant and very disruptive. Being hit with a devastating ransomware attack will disrupt day-to-day operations and impact revenue-generating activities. Depending on the severity of the attack and how long it takes to recover, the costs associated with a ransomware attack can run into millions of dollars even if the organisation does not pay a ransom to cybercriminals.
Other cyber attacks can also impact a business and pose risks that need to be planned for and mitigated. Common examples are data breaches of sensitive or commercially important information. These lead to reputational damage, and increasingly financial penalties from regulators in various territories.
Reputational damage can also come from bad actors impersonating your business identity via phishing or spear phishing attacks against prominent figures.
Industry Analysts on Business Risk
Gartner’s View on Business Risk
Unsurprisingly, Gartner and their analyst teams have a lot to say about business risk in general and cyber risk specifically. They define both Risk Management and Risk Identification in their glossary. The latter definition includes the text:
“Risk identification (RI) is a set of activities that detect, describe and catalog all potential risks to assets and processes that could negatively impact business outcomes in terms of performance, quality, damage, loss or reputation.”
During their September 2023 Security & Risk Management Summit in London, Gartner issued a press release estimating a 14% increase in security and risk management spending next year, with security services comprising 42% of the spend.
The London summit was the latest iteration of an event that Gartner holds several times each year in different global cities. The London event was spread over three days and included presentation sessions and panels covering topics relevant to cybersecurity. You can read a synopsis of each day’s sessions and the key takeaways from each via the links below.
McKinsey & Company: What is business risk?
The article explains what business risk is and how it affects organisations. It defines business risk as any potential harm or negative impact that can occur while running a business. There is a dedicated section discussing cyber risk and one on how to use a risk-based cybersecurity approach.
The McKinsey article highlights that understanding and managing business risk is crucial for organisations that want sustainable growth and success. It provides insights into other types of risks, such as market, credit, liquidity, and legal risks, that may be useful to anyone unfamiliar with these areas. The article concludes by emphasising the importance of developing a robust risk management framework to proactively identify and mitigate potential risks.
UK National Cyber Security Centre Risk Management Guidance
Speaking of risk management, as the McKinsey article does, the UK National Cyber Security Centre (NCSC) has an excellent and comprehensive resource on the topic. The advice it contains is not UK-specific and will be useful to any organisation looking to manage its cyber risk. Quoting from the introduction:
“This guidance is primarily aimed at cyber security risk practitioners who help their organisations understand and make decisions about cyber security risks. It will also be helpful to people who want to set up an effective cyber security risk management function within their organisation for the first time (or those seeking to improve existing functions).”
The guidance has 15 sections that cover topics such as –
- The fundamentals and basics of cyber risk
- A framework for managing cyber security risk
- Cyber security governance
- A basic cyber risk assessment, analysis, and management method
- Introducing cyber security risk quantification
It’s a valuable resource. The introduction and entry page is at https://www.ncsc.gov.uk/collection/risk-management.
There is a lot of useful information available on the topic of business risk and the cyber aspects of risk. I’ve highlighted three here. Let me know what you think and any resources you find helpful in the comments below or directly via LinkedIn.
As always, Halodata is here to help your organisation assess, quantify, and mitigate your cyber risk. We have the industry contacts, partners, vendors, and internal expertise to ensure that any organisation can get optimal cybersecurity protection. No matter where on the cybersecurity journey your organisation is, talk to the Halodata team today to find out more.