John A. Wheeler, Risk Management Technology Advisor for leading tech consultancy Gartner, is out with a LinkedIn blog post that forecasts 2021 as a year of “uncertainty and change”, driving organizations to an integrated approach to risk management (IRM).
Here are Wheeler’s key points in the post IRM 2021: The Year of Uncertainty and Change:
>>Businesses will be forced to accelerate digital transformation plans by at least five years – pandemic trends toward working and shopping at home will just keep on growing. That’s also the view from the boardroom, a Gartner survey found:
Get an executive-level briefing on FAIR and cyber risk quantification from the FAIR Institute
>>Enterprises will increasingly turn to IRM because – lesson of the pandemic -- it’s clear that risk management requires a balanced view of performance, resilience, assurance and compliance risk objectives, per this schematic:
Where to find FAIR training for your organization.
Notice something missing in the above? There’s no special call-out for cyber risk or IT risk. Wheeler writes that the “rapid shift to digital business will have impacts throughout the organization, not just IT. Ultimately, every business will become a digital business” and “they must evaluate the value of their digital initiatives while determining the size of their risk appetite. These uncertainties can make or break a business.”
Implication for cyber risk managers: You need re-scope your role to account for all the axes in Wheeler’s chart. Gartner has previously identified risk quantification methodology as one of the five pillars of IRM – because it serves as a common financial language that translates across all the risk management disciplines.
Wheeler spoke at the 2019 FAIR Conference and gave a nod to FAIR as a tool to “develop a successful case for digital transformation.” Since then, FAIR, the international standard for cyber and technology risk quantification, has been endorsed by NIST, COSO and the National Association of Corporate Directors (NACD) in various frameworks and guides.
Learn more about FAIR and how quantification brings cybersecurity into alignment with an integrated approach to risk management in these blog posts: