Light Dark
June 27, 2018 By Paula Musich 2 min read
Data Protection
Risk Management

Although it’s quickly fading in the rearview mirror, the April 2018 RSA Conference underscored growing interest in a more disciplined style of cyber risk management that mirrors traditional business risk management.

There was plenty of buzz at the conference around blockchain, machine learning, cyber warfare — and the imminent implementation of the General Data Protection Regulation (GDPR). However, the major theme of the event centered around the management of cyber risks.

Speak the Language of Business Risk

For many IT security practitioners, cyber risk management is a double-edged sword. It stimulates greater educational opportunities to help security professionals translate technical jargon into the language of business risk, which the C-suite and board of directors can more easily understand. This increased attention can also unleash a cacophony of competing marketing messages from different vendors — further muddying the waters and creating more confusion.

The conference also highlighted the fact that security is indeed a board-level issue. The president of the RSA, Rohit Ghai, referenced a survey in his keynote which revealed that 89 percent of respondents from the National Association of Corporate Directors (NACD) said they discuss cybersecurity on a regular basis. (This is up from 40 percent in 2012.)

Ghai also touched on the important role of collaboration in managing cyber risks. These decisions must involve multiple stakeholders, including security practitioners, risk teams, policymakers, IT leaders and even users. In the high-stakes world of cybersecurity, top executives bear personal accountability for major data breaches.

Improve Risk Management to Defend Critical Data

The 2018 RSA Conference also saw a solid lineup of sessions and workshops designed to educate security professionals on how to get a better handle on cyber risks. What was the key takeaway from these sessions? Organizations must focus on finding and protecting their crown jewels. According to Ghai, that is the only asymmetric advantage that enterprises have.

Related: Data Risk Management in 2018: What to Look for and How to Prepare

It’s more important than ever to apply and appropriately disseminate formal risk management processes for evaluating information assets and the vulnerabilities that threaten to compromise them. If this information is not managed and presented to each level of management — up to and including the board of directors — there is no way to determine how much money to apply to make the proper decisions to combat high risk. For example, there’s no point in spending $100,000 to mitigate a potential $50,000 loss.

To identify and properly protect the enterprise’s crown jewels, the data risk management plan must include repeatable processes to identify those critical assets, understand the value they represent and describe how their associated risk should be managed. This strategy requires IT, lines of business and security teams to align in the way they prioritize these risks. By making risk the common language across those groups, organizations can more effectively assign accountability and ensure the security and privacy of the enterprise’s most critical data.

In the age of data sprawl, sophisticated and resourceful cyber adversaries — and the increasing cost of a data breach — risk management can be a highly effective weapon in the fight to protect enterprise assets.

Read the white paper: Data Risk Management in 2018 — What to Look for and How to Prepare

 |  |  |  |  |  |  |  |  | 
Paula Musich
Research Director

More from Data Protection
January 27, 2025

How secure are green data centers? Consider these 5 trends

4 min read - As organizations increasingly measure environmental impact towards their sustainability goals, many are focusing on their data centers.KPMG found that the majority of the top 100 companies measure and report on their sustainability efforts. Because data centers consume a large amount of energy, Gartner predicts that by 2027, three in four organizations will have implemented a data center sustainability program, which often includes implementing a green data center.“Responsibilities for sustainability are increasingly being passed down from CIOs to infrastructure and operations…

January 21, 2025

Why maintaining data cleanliness is essential to cybersecurity

3 min read - Data, in all its shapes and forms, is one of the most critical assets a business possesses. Not only does it provide organizations with critical information regarding their systems and processes, but it also fuels growth and enables better decision-making on all levels.However, like any other piece of company equipment, data can degrade over time and become less valuable if organizations aren’t careful. What’s even more dangerous is that neglecting data hygiene can expose organizations to a number of security…

January 3, 2025

Router reality check: 86% of default passwords have never been changed

4 min read - Misconfigurations remain a popular compromise point — and routers are leading the way.According to recent survey data, 86% of respondents have never changed their router admin password, and 52% have never adjusted any factory settings. This puts attackers in the perfect position to compromise enterprise networks. Why put the time and effort into creating phishing emails and stealing staff data when supposedly secure devices can be accessed using "admin" and "password" as credentials?It's time for a router reality check.Rising router risksRouters…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature