
Digital Risk Management: A Working Definition



We all live in a rapidly digitizing world - the computing power of the phone in your pocket exceeds that of the world's supercomputers of just a few decades ago. We have all seen the exponential growth and adoption of digital products and technologies. It is the breakneck speed with which these technologies have been produced and adopted by consumers and organizations alike that has made the concept of "digital risk management" so hard to define.

We are in the midst of an industrial revolution, the fourth specifically. Each of these benchmark events in history irrevocably changed industry as a whole: the advent of mass production in the 1700s, the advent of the assembly line in the early and mid-1800s, and more recently the transformation of communication by the internet. The transformation we are going through now, though, is something completely different.

Building upon the development of the modern computer and the adoption of the internet, the lines between the digital and physical worlds are becoming increasingly blurry. In fact, it is predicted that 2019 will be the year that the impact of cyberattacks makes it to the physical world.

Defining the terms

As with any tectonic shift that impacts millions, the terminology we use is still quite disparate. Indeed, it is this lack of a common language that stands in the way of many technical leaders working to get buy-in from their executives.

Information security: For our purposes, information security is the umbrella term for all activities performed by the CIO and CISO to ensure that their organization stays secure. Information security spans both the physical and digital world.

Integrated risk management: As seen in the Gartner Magic Quadrant of 2018, integrated risk management is the natural progression of GRC. Where GRC was capable of managing and mitigating risks in the physical world, such a fragmented approach cannot succeed in the digital world. Integrated risk management provides the single pane of glass that information security leaders need to see a holistic view of their environments and to perform the continuous compliance necessary to secure a digital organization.

Digitization: Many organizations have realized that in order to ensure success, they must embrace new technologies. Gartner has broken these technologies into cloud, mobile, social, big data, third-party technology providers, OT and the IoT.

Digital risk management: A consequence of digitization, digital risk management is the role that CISOs play in adopting these digital technologies. In most cases, digital risk management and cybersecurity are seen as interchangeable.

Why Digital Risk Management is a fundamental change to risk and compliance management

In order to understand why digital risk management is so ambiguous and misunderstood, we must look at the way security teams approached risk and compliance before the fourth industrial revolution.

Under a checkbox compliance approach, and using a GRC tool, security teams would perform scheduled assessments and have to assemble the necessary information each time. For many, this was, and still is, done in static spreadsheets. The information stored in those spreadsheets was, and is, outdated as soon as the team hits save: it is a static snapshot of a dynamic environment.

This process is predicated on the notion that the adoption of new tools, the addition of new vendors, and the implementation of new technologies are slow, and in the past they were. Organizations could not procure and implement a new tool in hours; it took months. Price points were also a limiting factor - in the past, new tools and technologies had astronomical price tags that needed board approval before they could move forward. Today the adoption and implementation of new technologies is blistering. Every business unit within an organization is adding new tools to its productivity stack and implementing them faster than ever. The price of powerful solutions has dropped, and as a result purchasing is increasingly at the discretion of the managers and directors of those units. The technology adoption process is no longer slow enough for GRC to keep up.

Risk and compliance managers need two things to keep their organization secure in a digital world: a risk-aware culture that scales beyond just their own business unit, and tools flexible and smart enough to manage and scale as the organization adopts new technologies.

Don’t let manual effort slow down your digital transformation

As we’ve written about before, the CISO and the CEO must be a collaborative team to ensure business growth while staying secure. It is in cases of digitization and digital risk management that the CISO is at the greatest risk of appearing to be a hindrance rather than an enabler of growth.

Without a solution that enables the CISO to manage the compliance and risks of a digital organization, they will be hard-pressed to do their job. Given that digital technologies are dynamic, static tools used to assess risk will leave an organization open to more and more threats.

Today, the choice is either to keep your spreadsheets and slow (or even stop) your organization's digital transformation, or to adopt a powerful new solution of your own (every other business unit gets to, why not security?) and become an ally to the CEO and empower your digitization.

Alison Furneaux