MetricStream, a global integrated risk management and governance, risk management, and compliance (GRC) firm, has announced the results of the MetricStream State of IT and Cyber Risk Management Survey Report 2021.
Compiled from the opinions of key IT risk and compliance executives around the world, key findings show that IT and cyber risk measures escalated as a priority during the pandemic. Respondents stated that creating real-time visibility of their risk and compliance status is a top priority for the upcoming year. In addition, ensuring that compliance requirements are met, conducting assessments on a regular basis, and the need for automated tools also ranked high in the survey.
“It is clear that organizations need solutions that protect digital workers while rapidly addressing the digital transformation and thwarting off increased cyber threats,” said Gaurav Kapoor, Chief Operating Officer and Co-Founder, MetricStream. “Cyber leaders are beginning to realize that resilience is only one step towards managing risk. An integrated risk management approach enables visibility to real-time data to quantify risk and make more strategic business decisions.”
The survey suggests organizations still need to adopt integrated risk and compliance tools that allow them to proactively address IT and cyber risks and conduct more frequent assessments. Almost half the surveyed organizations stated that they hope to increase real-time visibility on risk and compliance issues.
The survey also highlights a widespread dependency on basic office productivity software, knowledge management software, and point solutions for IT and cyber risk and compliance management needs. This is an indication that organizations still need to adopt more advanced, automated tools that allow them to proactively address IT and cyber risks and conduct more frequent assessments. As cyber risk management processes improve, organizations will experience a significant decrease in the impact of risks and an increase in their ability to predict and manage potential risks.
The IT and Cyber Risk Management Survey is based on the responses of key risk, compliance, cybersecurity, and audit executives across industries and geographies, and included analysts, managers, senior managers, vice presidents, directors, heads of departments, and CISOs.
The key areas tackled in the survey were:
- How COVID-19 has globally changed the way organizations view their IT and cyber risk and compliance efforts
- The rise of COVID-19-specific threats to cybersecurity
- An increasing cost of global cybercrime over the next five years, surpassing $10 trillion annually
- Adopting a proactive approach to cyber risk detection, response, and recovery
- Understanding how organizations are approaching the critical business function of cyber risk management in the “new normal”
Key takeaways from the survey include the following:
- 65.22% said that their organization mostly uses IT and cyber risk management software to identify and assess cyber risks
- 55.07% said that their organization’s top IT and cyber risk priority for 2021 is to create real-time visibility on risk and compliance posture
- 45% of survey respondents identified a lack of visibility on cyber risks across the enterprise as the biggest challenge faced by their organization
- 45% of respondents said that they changed their plans and approaches to cyber risk and compliance management and reprioritized activities to contend with the pandemic-driven new operational landscape
- 41% believe that regulatory compliance is the first concern for their organization, and thus, should be a key area where future investments are directed
- 40.48% said that their organization plans to invest in areas that implement specific solutions to comply with regulatory requirements and standards
- Only 36.23% of respondents said that their organization conducts risk and control assessments on a continuous basis
Read the full release and download the State of IT and Cyber Risk Management Survey Report 2021 from MetricStream here.