How to perform a risk assessment: Rethinking the process

New regulations and a changing threat landscape mean you need a different approach to your security risk assessment process.


The world has changed significantly in the past two years, and so have the rules around assessing cyber security risk. A combination of greater digital business penetration, a wider array of risks, and bigger consequences of cyber threats has made the world of risk management both more complex and more important than ever.

Sadly, word hasn’t yet gotten out that risk management is an essential part of today’s business operations. According to a PwC study cited by Silicon Republic, 40 percent of Irish companies are failing to do any risk assessments whatsoever.

Gartner’s IT Risk Management report from last summer tried to address the growing complexity of this space and divided the market into seven different segments, including auditing, vendor risk management and operational risks. It presented a magic quadrant of ten vendors, including ServiceNow, Dell/RSA Archer and others. The report recognized that the market is evolving rapidly as IT buyers look for more comprehensive solutions that can be deployed across a wide range of conditions and workflows.

Things are moving so quickly that even a year-old report is somewhat outdated. Let’s look at these changes and then discuss what you can do to improve your processes, change your organizational structure, and be better prepared to understand and address future cyber risks to your business. 

Change #1: Security is now everyone’s concern

Information security is now the concern of the entire enterprise, and no longer the exclusive domain of the IT department. “Until 18 months ago, most companies viewed cyber-based risks as strictly under the purview of their IT departments,” says Charles Jacco, a principal at KPMG’s security services practice.
