My good friend, Alexei Sidorenko, challenged me on my last post. He said:
> Norman Marks, too much cyber lately, too much jumping on the hype train, cyber is not even top 10 important risk in today’s business. Write about something that is important and was important 10 years ago and still is.
Now, just as it is wrong to jump on the hype train and believe that cyber is always a top risk, it is also wrong to believe that it is not. What is needed is a disciplined assessment of the likelihood of a breach that would have a material adverse effect on the likelihood of achieving enterprise objectives at your organization. In other words, is it a “top risk” for you?
But if (as Alex says – and as borne out by many studies of the effect of breaches) cyber is not a top risk, what is?
There are quite a few surveys. For example, Protiviti says these are the top risks for 2021[1]:
- Pandemic-related policies and regulation impact business performance
- Economic conditions constrain growth opportunities
- Pandemic-related market conditions reduce customer demand
- Adoption of digital technologies may require new skills or significant efforts to upskill/reskill existing employees
- Privacy/identity management and information security
- Cyber threats
- Impact of regulatory change and scrutiny on operational resilience, products,…