Organizations most fear damage to their brand (63 percent) as a result of having a nonexistent or poorly executed risk management program, according to The Imperative to Raise Enterprise Risk Intelligence, a recent survey conducted by the Ponemon Institute and sponsored by RiskVision, an enterprise risk intelligence company. Following brand damage are security breaches (51 percent), business disruption (51 percent), and intellectual property loss (37 percent).
"Expenses around compliance, customer attrition, and negative public relations incurred due to resulting loss of brand and reputation are ongoing, sometimes dragged out tor months or even years, and are much more difficult, if not almost impossible, to predict or gauge," Larry Ponemon, chairman and founder of the Ponemon Institute, says. "While security breaches are costly to detect and remediate, the costs are finite."
Of the 641 individuals involved in risk management activities who were surveyed, 83 percent say managing risk is a significant commitment for them. However, three-fourths of organizations lack a clearly defined risk management strategy or they have one that isn't applicable to the entire organization. This represents a disconnect in organizations' desired risk practices and what they can realistically achieve. Other key report findings include:
>> Only 14 percent of respondents say their organization's risk management process is effective.
>> Just over half of organizations don't have a budget for enterprise risk management.
>> The top three barriers to achieving risk management goals are lack of resources (44 percent)...