Gartner: Security leaders must balance risk, trust and opportunity

Security and risk leaders must focus on balancing risk, trust and opportunity to help maintain the ability of their organisations to function as a trusted participant in the digital economy, according to Gartner.

“Through the first half of 2020, defining risk appetite has become even more of a challenge for security leaders,” says Jeffrey Wheatman, research vice president at Gartner and conference chair. 

“The ability to communicate the real impacts of change and chaos, or in other words to achieve just the right level of balance, is critical to working with business stakeholders on setting and managing organisational risk appetite and capitalising on opportunity,” he explains.

Wheatman says through the COVID-19 pandemic, security has been essential.

“During the initial response phase, security and risk teams identified new and amplified risks, assigned resources and shifted investments to meet business initiatives,” he says.

“Now that organisations have made their initial technology investments, chief information security officers (CISOs) and risk leaders have the opportunity to strengthen their organisations as they move through the recover and renew phases.

“For security teams, the recover phase is an opportunity to detect and mitigate new risks that may appear as a result of the initial response.”

Wheatman says the pandemic has also reinforced the critical need for security programs that are agile enough to react to minor and major extraneous shocks. As enterprises manage through the recovery and renewal phases, they must reengineer their programs to achieve this agility.

A recent Gartner survey found that 90% of CISOs believe that digital business will create new types and new levels of risk. However, 70% of respondents said that investment in risk management is not keeping up with these new higher levels of risk. 

Combined, these findings offer a huge opportunity for security and risk leaders, Gartner says.

“Business executives continue to focus on security as a strategic initiative. Organisations are exploring how technology can help them transform their operating models,” says Wheatman.

“This means that security and risk professionals have a fundamental role to play in helping their organisations through this transformation while avoiding unnecessary risk,” he says.

“Security and risk leaders have a unique ability to give business leaders the insights and tools to help them balance risk with the potential opportunity of digital transformation.”

Wheatman says the accelerated adoption of digital transformation means that interacting with clients and citizens will highlight the potential need for establishing dedicated digital trust and safety teams in enterprises.

“These teams are tasked with assessing and managing the risks resulting from the ever-growing number of touch points and the need to address a strategic view of customer risk and harm reduction.”

According to Gartner, finding the right balance between the business need to grab new opportunities to gain competitive advantage and the need to develop appropriate security policies that mitigate the prioritised business risks must be a key focus area for security and risk leaders through 2021.

“Once the chaos of the recovery begins to settle down, enterprises will experience the real new normal. In this phase, the future starts to become more plannable,” says Wheatman. 

“This renew phase offers security and risk leaders a great opportunity to support their businesses' objectives while being more proactive in identifying and managing risk and providing the resilience to move forward.”
