Security now one of the top risks for business leaders worldwide

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.net-security.org/secworld.php?id=17930

Cybersecurity has come to the forefront of risk oversight for board members
and C-suite executives, according to results of a survey of business
executives by Protiviti and the Enterprise Risk Management (ERM) Initiative
at the North Carolina State University Poole College of Management.

More than half of the global 277 survey respondents (53 percent) indicated
that insufficient preparation to manage cyber threats is a risk that will
"significantly impact" their organizations this year. Following a string of
data breaches in the past year, cyber threats jumped to number three this
year, up three rank positions in year-over-year survey results, reflecting
increased concern about operational and reputational damage associated with
potential breaches.

The survey findings suggest that while the business environment in 2015
will be somewhat less risky than in the previous two years, most of the
business leaders surveyed indicated that they are more likely to invest in
additional risk management resources in 2015.

The survey also identified differing perceptions between boards of
directors and members of the executive team regarding the current risk
environment; CEOs and boards of directors reported more optimism about risk
issues while CFOs and chief audit executives perceived a more risky
business environment.

"While regulation continues to be top-of-mind for business leaders
worldwide, there are emerging risks that are receiving increased
consideration and attention. Based on our ongoing conversations with boards
and executive teams, we added five new risk areas for participants to rank
in the survey this year. Two of these made it to the top 10 risk list: one
focused on organizational culture and its ability to encourage
identification and escalation of risk concerns and the other on customer
retention in the face of evolving customer preferences," said Jim DeLoach,
a managing director with Protiviti. "The top-10 ranking of these two risks
indicates a shift in mindset and priorities for corporate leaders. As a
result, we expect there will be increased oversight in these areas at the
board level during the next year."

The top 10 risks for 2015

Following are the top 10 risks identified in the annual risk survey, along
with the percentages of respondents who identified each risk as having a
"Significant Impact" on their business.

- Regulatory changes and heightened regulatory scrutiny may affect the
manner in which our products or services will be produced or delivered (67
percent)
-Economic conditions in markets we currently serve may significantly
restrict growth opportunities for our organization (56 percent)
- Our organization may not be sufficiently prepared to manage cyber threats
that have the potential to significantly disrupt our core operations and/or
damage our brand (53 percent)
- Our organization's succession challenges and ability to attract and
retain top talent may limit our ability to achieve operational targets (56
percent)
- Our organization's culture may not sufficiently encourage the timely
identification and escalation of risk issues that have the potential to
significantly affect our core operations and achievement of strategic
objectives (51 percent)
- Resistance to change may restrict our organization from making necessary
adjustments to the business model and core operations (49 percent)
- Ensuring privacy/identity management and information security/system
protection may require significant resources for us (52 percent)
- Our organization may not be sufficiently prepared to manage an unexpected
crisis significantly impacting our reputation (46 percent)
- Sustaining customer loyalty and retention may be increasingly difficult
due to evolving customer preferences and/or demographic shifts in our
existing customer base (48 percent)
- Our existing operations may not be able to meet performance expectations
related to quality, time to market, cost and innovation as well as our
competitors (46 percent).

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!