The FAIR Institute has released findings from its 2017 Risk Management Maturity Benchmark Survey. Results show low risk management maturity levels regardless of industry or organization size.
The survey report’s key findings show that cyber and technology risk management programs are often going through the motions, putting policies, processes and technologies in place without addressing the fundamentals of well-informed decision-making and reliable execution. As a result, these programs are more likely to:
- Struggle with identifying and maintaining a focus on their most significant priorities, wasting limited resources on lower-risk concerns and potentially delaying remediation of truly high-risk concerns.
- Implement risk mitigations that are less cost-effective, missing the opportunity to apply the misspent resources to other risk concerns or business opportunities.
- Experience control failures due to unreliable execution, which introduces avoidable levels of risk.
- Experience a ‘risk management groundhog day’ — repeatedly experiencing the same failures by not recognizing and treating root causes.