More threats to data, privacy are the top concerns of risk managers and are becoming “the new normal.”

Enterprises around the world are being barraged by risk events, according to a report released Wednesday by Forrester. The State of Risk Management 2022 report, which is based on a survey of 360 enterprise risk management decision makers in North America and Europe, found that 41% of organizations have experienced three or more critical risk events in the last 12 months.

Risk events, incidents and disruptions have become so frequent that the increased level of risk is the “new normal,” Forrester reported. Nearly half the participants in the survey (44%) confirmed that enterprise risk has increased over the last year, although that varies by region. For example, 64% of North American respondents confirmed an increase in risk, while only 37% of European respondents did.

When the enterprise risk management (ERM) pros were asked what risks had the potential to most impact their enterprises, information security risks (32%) topped the list, followed by risks to data privacy (28%). However, Forrester noted, that varied from industry to industry. Industries that depend on supply chains such as retailers and wholesalers picked supply chain risks as their primary concern, while industries targeted by ransomware such as manufacturing say their primary concern is information security.

Risk management can help accelerate innovation

Decision makers participating in the survey identified several challenges to managing risk. Risk management impeding innovation was a primary challenge in 27% of the enterprises in the survey. Almost a quarter of the respondents (24%) say risk management slows down decision-making, while 17% say it doesn’t consider business objectives.

“If you’re thinking about risk management at the very end of the process, it can impact decisions, especially decisions to move forward with something, but when risk management is part of the ideation as well as the execution, it does not slow down innovation,” says Forrester Senior Analyst Alla Valente, one of the authors of the report. “In fact, it can help accelerate it, because you’re not putting out a product that you may need to later fix, patch, or possibly recall.”

Compliance is your floor, not your ceiling

The Forrester report also found that although regulatory compliance remains a critical or high priority for 76% of those surveyed, it falls just behind the “ability to stress-test risk scenarios” (78%) as the top risk priority over the next 12 months.

“Companies are using risk management to become more resilient, not to just meet compliance obligations,” Valente says. “Compliance is your floor, not your ceiling. It’s the minimum you have to do to operate. Risk management is how you maintain your resilience, how you make good on your promises to serve your customers no matter what the crisis.”

Misperception that we manage risk to get rid of risk

As compliance gives way to resilience, the report notes, the ERM pros say their organizations have benefited in a number of ways, including increased responsiveness to incidents or risk events (26%), enabling employees to make faster (26%) or better (24%) day-to-day risk-based decisions (26%), and increased ability to protect assets, environments, and systems that are critical to their business (23%).

“There is a widely held misperception that we manage risk to get rid of risk. That risk is all bad. That’s not the case,” Valente says. “We manage risk so we can understand what are the risks we need to take and at what cost. You don’t want to take a big risk for a small reward.”

“For companies to grow and innovate and be leaders in their markets,” Valente adds, “they need to make big, bold decisions.
Those decisions carry risks. So, risk is necessary for growth and innovation.”