Most CEOs and corporate boards no longer shy away from cybersecurity strategy as they might have done even 5 years ago. Rather, progressive executives now realize that cyber-risk equates to business risk and needs to be addressed as part of their overall business strategy.
According to the report ‘The Pressing Need for Digital Risk Management’, conducted by Enterprise Strategy Group (ESG), most executives no longer accept “good enough” security and are willing to invest in best practices and leading security defenses to protect their organizations. However, many organizations continue to think of cyber-risk in terms of internal network penetration rather than as a more comprehensive strategy that includes all digital assets—websites, social networks, VIP and third-party partner exposure, etc.
To address these risks, the report suggests CISOs and risk officers must adopt a thorough digital risk management strategy that includes monitoring, filtering, prioritizing, and responding to threats across the public Internet and dark web.
“Many executives are beginning to realize they need to take a different stance on cyber security,” said Jon Oltsik, Senior Principal Analyst at ESG, who wrote the report.
“It is no longer a case of just spending dollars on perimeter-focused cybersecurity, but they need to move to a more holistic digital risk strategy designed to analyze threat intelligence, monitor deep web activities, track the posting of sensitive data, and oversee third parties.”
“We know that a strong and resilient strategic digital risk management strategy should include policies and monitoring for targeted cyber threats, infrastructure exposure, data loss, brand and VIP exposure, physical threats and third party risks to be truly effective,” said Alastair Paterson, CEO and Co-Founder of Digital Shadows, which commissioned the ESG report. “Digital Risk Management, which combines automation and human analytics, is becoming the critical component in your cyber security arsenal.”