Seven Alarming Stats on Why GRC Matters

Industry is slowly starting to recognize risk management as a vital operational function, especially in organizations with extensive exposure to third-party suppliers. As a result, there is increasing demand to measure and quantify risk in a meaningful way.

However, several recent studies show that there is a serious gap between recognizing risk from information technology operations and taking active steps to avoid, transfer, accept and/or control risk. The following are some pertinent details from those studies.

  1. Cybercrime will cost businesses more than $2 trillion by 2019.
  2. Sixty-five percent of C-suite executives believe their cybersecurity plans are well established, but only 17 percent meet the criteria of preparedness and capability.
  3. Sixty percent of executives do not feel included in the cybersecurity conversation, yet 95 percent of C-suite officers view cybersecurity as a significant threat.
  4. Seventy-five percent of executives do not believe their organizations have a complete and formal enterprise-risk management process.
  5. Thirty percent of organizations provide explicit guidelines for management to assess risk probability and impact.
  6. Sixty-three percent admit being caught off guard by an operational surprise in the last 5 years.
  7. Thirty-six percent of organizations maintain risk inventories at the enterprise level, meaning that nearly three-quarters are not tracking risk across their entire organization or not tracking it at all.

Sources: North Carolina State Poole College of Management, Juniper Research