The following is a guest post from principal research lead Kelley Pruetz and writer Kristen Senz at APQC. Opinions are the authors’ own.
Preventing a data breach requires much more than strong cybersecurity defenses. Yet, in many organizations, cyber risk still sits outside enterprise risk management, limiting visibility into emerging threats and slowing decisions that could reduce exposure before an incident occurs.
That separation persists even as cyber risk is widely understood to be a multifaceted threat with serious financial implications. Based on global data from 5,000 companies, new research by the American Productivity & Quality Center shows that only 41% of organizations have achieved any meaningful integration between cybersecurity and enterprise risk management. Just 23% apply unified risk management structures to suppliers and partners, despite the growing role of third…
