According to a new report, enterprises lack effective risk management
The currently popular silo approach to managing enterprise risk is inadequate because it leaves too many gaps and provides no reliable way to evaluate an enterprise’s risk position, according to a new research report issued by The Alliance for Enterprise Security Risk Management (AESRM), a partnership of leading international security associations ISACA and ASIS International. The report is available as a free download from AESRM.
The report, “The Convergence of Physical and Information Security in the Context of Enterprise Risk Management,” shows that while risk management is fundamental to most enterprise managers, many risk reduction initiatives are not coordinated or integrated across all risk areas. Only 19 percent of executives surveyed said their company has a robust process in place for identifying when risk tolerance approached or exceeded defined limits.
To address these risk challenges, organizations are investigating more inclusive enterprise risk management (ERM) programs and converging traditional and information security functions. Although this convergence is intuitive and logical, it is still in its early stages, according to the research conducted by Deloitte.
When asked to identify the major drivers of their companies’ security integration efforts, 73 percent of the executives cited “reducing risk of combined information and physical security threats,” 58 percent said “increased information sharing,” and 50 percent noted “better protection of the organization’s people, intellectual property and corporate assets.” The survey shows that security integration and ERM, when aligned, add value throughout an organization.
“Even though our study found that convergence is in its infancy, it is clearly a concept that is not going away,” said Adel Melek, global leader of the security and privacy practice at Deloitte Touche Tohmatsu. “But like any new idea, it takes pioneers or ‘visionaries’ to propel it forward. The visionaries of our report’s case studies, typically executives, have a strong belief in the benefits of convergence and have the personal commitment to see their ideas to completion despite the uncharted territory in which they may find themselves.”