Many organizations are overconfident about their capability to successfully manage future incidents
- Published: Friday, 05 November 2021 09:17
OnSolve has released the results of a commissioned study by Forrester Consulting, which found that only 30 percent of business and government entities are very confident they can handle the increasing complexity of risk management in the future. The survey, which polled nearly 470 risk, security and business continuity executives across mid-size to large enterprises, government and education entities, also cites misaligned priorities, technology missteps, and lack of proactivity as key reasons why organizations are unprepared.
The study, Failing to Plan is Planning to Fail, found that while 99 percent of organizations experienced a critical event (e.g., catastrophic weather, active assailant, cyber attack) in the last 18 months, only 30 percent of organizations are very confident they can handle increasing risk complexity and just 38 percent of respondents cite ‘becoming more proactive’ in their critical event management goals. The study also reveals that too many organizations are unaware of, much less prepared to tackle, the ‘new face of risk today’.
Key findings include:
- Organizations are overconfident in their ability to respond to incidents: fewer than half of respondents believe risk management complexity will increase in the next two years – despite the rise in critical events.
- Risk monitoring is inconsistent and insufficient today: more than 50 percent of respondents believe their organizations are ineffective at responding across critical risk categories.
- Organizations lack the tools to be proactive: current security stacks make it harder to monitor and effectively respond to incidents – 44 percent lack risk intelligence, more than half lack security analytics, and 63 percent don't have governance, risk and compliance (GRC).
- Critical event management is siloed: organizations are still very likely to silo critical event management (CEM) today – only 17 percent have tapped an enterprise risk management (ERM) team to lead CEM and just 1 percent distribute responsibility across their organizations.
- Strong, proactive CEM strategies improve operations: without an effective strategy to proactively respond to crises, organizations experience negative impacts to their operations and reputation. Organizations with a strong CEM strategy are 5 times as likely to have an effective or optimized response to all manner of business risk, including information security, travel, employee risk, data privacy, and risk that impacts customer experiences.
"Risk and organizational resilience are now board-level conversations," said Mark Herrington, CEO, OnSolve. "As organizational risk becomes increasingly complex, businesses need to prepare to handle the inherent ripple effect it has on their people, places and property. Today's news underscores the importance of having an effective resilience strategy fortified by advanced technology in place to proactively respond to crises and disasters before they impact a company's bottom line."
Research for Failing To Plan Is Planning To Fail was conducted in April 2021, surveying risk, security, and business continuity decision-makers at 469 North American and UK mid-size to large enterprises across many industries, including education and government.