Seven Alarming Stats on Why GRC Matters
Industry is slowly starting to recognize risk management as a vital operational function, especially organizations with extensive exposure to third-party suppliers. Thus, there is an increasing demand to measure and quantify risk in a meaningful way.
However, several recent studies show that there is a serious gap between recognizing risk from information technology operations and taking active steps to avoid, transfer, accept and/or control risk. The following are some pertinent details from those studies.
- Cybercrime will cost businesses more than $2 trillion by 2019.
- Sixty-five percent of C-suite executives believe their cybersecurity plans are well established, but only 17 percent meet the criteria of preparedness and capability.
- Sixty percent of executives do not feel included in the cybersecurity conversation, yet 95 percent of C-suite officers view cybersecurity as a significant threat.
- Seventy-five percent of executives do not believe their organizations have a complete and formal enterprise-risk management process.
- Thirty percent of organizations provide explicit guidelines for management to assess risk probability and impact.
- Sixty-three percent admit being caught off guard by an operational surprise in the last 5 years.
- Thirty-six percent of organizations maintain risk inventories at the enterprise level, meaning that nearly three-quarters are not tracking risk across their entire organization or not tracking it at all.
Sources: North Carolina State Poole College of Management, Juniper Research