More threats to data, privacy are the top concerns of risk managers and are becoming “the new normal.” Credit: Thinkstock Enterprises around the world are being barraged by risk events, according to a report released Wednesday by Forrester. The State of Risk Management 2022 report, which is based on a survey of 360 enterprise risk management decision makers in North America and Europe, found that 41% of organizations have experienced three or more critical risk events in the last 12 months.Risk events, incidents and disruptions have become so frequent that the increased level of risk is the “new normal,” Forrester reported. Nearly half the participants in the survey (44%) confirmed that enterprise risk has increased over the last year, although that varies by region. For example, 64% of North American respondents confirmed an increase in risk, while only 37% of European respondents did.When the enterprise risk management (ERM) pros were asked what risks had the potential to most impact their enterprises, information security risks (32%) topped the list, followed by risks to data privacy (28%). However, Forrester noted, that varied from industry to industry. Industries that depend on supply chains such as retailers and wholesalers picked supply chain risks as their primary concern, while industries targeted by ransomware such as manufacturing say their primary concern is information security. Risk management can help accelerate innovationDecision makers participating in the survey identified several challenges to managing risk. Risk management impeding innovation was a primary challenge in 27% of the enterprises in the survey. Almost a quarter of the respondents (24%) say risk management slows down decision-making, while 17% say it doesn’t consider business objectives. “If you’re thinking about risk management at the very end of the process, it can impact decisions, especially decisions to move forward with something, but when risk management is part of the ideation as well as the execution, it does not slow down innovation,” says Forrester Senior Analyst Alla Valente, one of the authors of the report. “In fact, it can help accelerate it, because you’re not putting out a product that you may need to later fix, patch, or possibly recall.”Compliance is your floor, not your ceilingThe Forrester report also found that although regulatory compliance remains a critical or high priority for 76% of those surveyed, it falls just behind the “ability to stress-test risk scenarios” (78%) as the top risk priority over the next 12 months. “Companies are using risk management to become more resilient, not to just meet compliance obligations,” Valente says. “Compliance is your floor, not your ceiling. It’s the minimum you have to do to operate. Risk management is how you maintain your resilience, how you make good on your promises to serve your customers no matter what the crisis.”Misperception that we manage risk to get rid of riskAs compliance gives way to resilience, the report notes, the ERM pros say their organizations have benefited in a number of ways, including increased responsiveness to incidents or risk events (26%), enabling employees to make faster (26%) or better (24%) day-to-day risk-based decisions (26%), and increased ability to protect assets, environments, and systems that are critical to their business (23%).“There is a widely held misperception that we manage risk to get rid of risk. That risk is all bad. That’s not the case,” Valente says. “We manage risk so we can understand what are the risks we need to take and at what cost. You don’t want to take a big risk for a small reward.” “For companies to grow and innovate and be leaders in their markets,” Valente adds, “they need to make big, bold decisions. Those decisions carry risks. So, risk is necessary for growth and innovation.” Related content news Top cybersecurity product news of the week New product and service announcements from Conatix, Tanium, Cisco AppDynamics and Miggo. By CSO staff Apr 19, 2024 79 mins Generative AI Security news analysis Cisco fixes vulnerabilities in Integrated Management Controller Cisco fixes high-risk flaws in the out-of-band management controller of multiple products By Lucian Constantin Apr 18, 2024 4 mins Threat and Vulnerability Management Vulnerabilities news UK law enforcement busts online phishing marketplace The coordinated takedown has infiltrated the fraud service and made several arrests based on data found on the platform. By Shweta Sharma Apr 18, 2024 4 mins Phishing Legal news Consolidation blamed for Change Healthcare ransomware attack United HealthGroup said it has already taken $872 million in dealing with the attack and the disruption it caused. By John Leyden Apr 18, 2024 5 mins Ransomware Cyberattacks PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe