The cyber and technology risk profession continues to evolve many of its practices. As it does, new and unanswered questions emerge, such as:
- How mature is the profession today?
- Where are we weakest/strongest?
- Which improvements in maturity are likely to matter most?
- How do we rate against others in our industry?
With these questions in mind, the inaugural 2017 Risk Management Maturity Benchmark Survey was undertaken to provide a clear view into the current state of cyber and technology risk management maturity.
The survey, co-sponsored by RiskLens and RSA, is based on a model of measuring cyber risk maturity by “defining a mature organization as one that can cost-effectively achieve and maintain an acceptable level of risk.” The intent is that if we know our strengths and weaknesses, and their significance, then we can make better and more informed choices.
This report shines a light on the current status of the industry and begins the process of measuring and reporting on how risk management is evolving over time.
Overall, the key findings from the survey show risk management maturity levels are low, regardless of industry or organization size. These results suggest that cyber and technology risk management programs may be focusing on the trappings of risk management.
Instead, risk experts should be focused on “reducing noise, choosing cost-effective solutions, and more effectively aligning with organization leadership’s risk appetite.”
FAIR Institute members can read the full report in the Member Resources Center.
Additionally, please join the FAIR Institute and RSA for a joint webinar to discuss the findings of the report. The discussion, led by Jack Jones, Chairman of the FAIR Institute, will revolve around where we are as an industry and how we can move forward from here. The webinar will be on Tuesday, December 5th, at 3 PM EST.