The State of Risk Alignment – Alliances Growing Between IT Security and IRM | NAVEX Global


As business risks multiply, including escalating cyberattacks, the disruptive impact of rapid technological change, and growing regulation, there are sound ways to uncover and mitigate them.

Organizations are moving away from a siloed approach to reducing operational risk. Instead, they are finding success with an Integrated Risk Management (IRM) strategy.

IRM brings more data and business intelligence into the equation. By integrating risk intelligence with business intelligence, IRM reduces uncertainty and improves business decision making.

To understand the full extent of their exposure, proactive organizations need a comprehensive view across departments, technology, and processes, so they can identify their top risks and decide how best to manage each one: whether to avoid it, or to accept it where the risk is worth taking because it generates value.

NAVEX Global’s recent survey of IT security professionals asked about the state of risk alignment in their organizations. Respondents indicated that IT and cybersecurity risks are generally seen as part of their organization’s overall risk profile. In fact, 95% said their organizations include cybersecurity in their IRM approach.

Breakdown by industry

Sectors that rated collaboration between IT security, operational risk management and the compliance function as “strong” include banking and finance (97%), healthcare (96%), engineering and manufacturing (90%), and science and pharmaceuticals (78%). This finding is not surprising: empirical evidence indicates that these industries are among the most targeted by threat actors.

Financial services

According to a Boston Consulting Group (BCG) report, cyberattacks hit financial services companies 300 times more often than companies in other sectors. A cyberattack on a bank can devastate its customers and systems, and a cyberattack on the US Treasury (which the SolarWinds campaign came dangerously close to delivering) could cripple the country.

Healthcare

As the healthcare sector continues to deliver life-saving services while improving treatment and patient care with new technologies, threat actors seek to exploit the vulnerabilities that come with constant change. According to the HIPAA Journal’s May 2021 Healthcare Data Breach Report, May was the worst month of the year so far for breach severity, with 6,535,130 health records exposed.

Engineering and manufacturing

Trends such as the Industrial Internet of Things (IIoT) are pushing manufacturing plants to create more connections between physical processes and the Internet. Unfortunately, this connectivity exposes previously isolated operational environments to cyberthreats. According to the Manufacturers Alliance for Productivity and Innovation (MAPI), 40% of manufacturing companies suffered a cyberattack last year.

Science and pharmaceuticals

The average cost of a data breach in the pharmaceutical industry is $5 million, according to the IBM Cost of a Data Breach Report 2020. The Ponemon Institute reports that it takes an average of 257 days to identify and contain a breach in the pharmaceutical industry. In addition, one effort stands out for the pharmaceutical supply chain: the COVID-19 vaccine. Experts have warned that the vaccine manufacturing and distribution process has several vulnerabilities.

Simple steps to take today

Create a security-conscious culture: The easiest entry point for a cyber threat is a single person. Texts, voicemails, phishing emails, and other social engineering attacks take advantage of the fact that humans are “human”, and they succeed more often in organizations that do not maintain regular training, awareness, and a secure network. Teach employees to recognize cyber threats and to follow best practices for protecting confidential information and critical systems. A security awareness program encourages and enables employees to take an active role in your overall security strategy. Forrester research suggests that 70% of breaches are due to employees’ lack of cybersecurity awareness.

Data backup: Back up data regularly and keep the backups separate from the production environment. In the event of a ransomware attack, for example, the victim can then recover the encrypted information from a tested backup. Keep in mind that corruption in production data is copied into the backup along with everything else, so best practice is a set of backups reaching back as far as is viable, or at least to the last “known good” state.
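The backup discipline described above can be mechanized. The following is an added example written for this page, not NAVEX’s code or tooling. It assumes a directory-per-generation layout with a SHA-256 manifest beside each copy (an assumption, not anything the article prescribes) and builds a constructed scenario in a temporary directory so it runs offline. It shows why an integrity check alone is not enough to find the last known-good copy: a backup taken after ransomware has run still verifies perfectly, because it is a faithful copy of ciphertext, so the example also compares consecutive manifests and skips any generation in which almost every file changed at once.

```python
"""Versioned backups with hash manifests and last-known-good selection.

Added example, not NAVEX's code. Assumed layout: store/<label>/data holds the
copy and store/<label>/manifest.json maps each file to its SHA-256. Labels
must sort chronologically (gen-01, gen-02, ... or ISO dates).
"""
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def generations(store: Path) -> list[Path]:
    """Backup generations, oldest first (relies on sortable labels)."""
    return sorted(p for p in store.iterdir() if p.is_dir())


def make_backup(source: Path, store: Path, label: str) -> Path:
    """Copy the source tree into a new generation and record a hash of every file."""
    gen, data = store / label, store / label / "data"
    shutil.copytree(source, data)
    manifest = {p.relative_to(data).as_posix(): sha256_file(p)
                for p in sorted(data.rglob("*")) if p.is_file()}
    (gen / MANIFEST).write_text(json.dumps(manifest, indent=1))
    return gen


def read_manifest(gen: Path) -> dict[str, str] | None:
    try:
        return json.loads((gen / MANIFEST).read_text())
    except (OSError, ValueError):
        return None


def verify_backup(gen: Path) -> bool:
    """True only if every file in the manifest is present and unchanged at rest."""
    manifest = read_manifest(gen)
    if manifest is None:
        return False
    data = gen / "data"
    return all((data / rel).is_file() and sha256_file(data / rel) == digest
               for rel, digest in manifest.items())


def changed_fraction(older: dict[str, str], newer: dict[str, str]) -> float:
    """Share of files in `newer` whose content differs from `older` (new files count)."""
    if not newer:
        return 0.0
    return sum(1 for rel, d in newer.items() if older.get(rel) != d) / len(newer)


def last_known_good(store: Path, max_change: float = 0.5) -> Path | None:
    """Newest generation that verifies AND did not mass-rewrite its predecessor.

    A copy taken after ransomware ran verifies fine (the ciphertext was copied
    faithfully); the change-ratio heuristic is what catches that case.
    """
    gens = generations(store)
    for i in range(len(gens) - 1, -1, -1):
        cur = read_manifest(gens[i])
        if cur is None or not verify_backup(gens[i]):
            continue                      # incomplete or tampered at rest
        prev = read_manifest(gens[i - 1]) if i > 0 else None
        if prev is not None and changed_fraction(prev, cur) > max_change:
            continue                      # nearly every file changed: suspect
        return gens[i]
    return None


def prune(store: Path, keep: int, protect: Path | None = None) -> list[str]:
    """Drop the oldest generations beyond `keep`, never the protected one."""
    gens, removed = generations(store), []
    for gen in gens[:max(0, len(gens) - keep)]:
        if gen != protect:
            shutil.rmtree(gen)
            removed.append(gen.name)
    return removed


def demo() -> dict:
    """Constructed scenario: three clean generations, then ransomware rewrites
    production before gen-04 is taken, and gen-03 is tampered with at rest."""
    root = Path(tempfile.mkdtemp())
    prod, store = root / "prod", root / "backups"
    prod.mkdir()
    store.mkdir()
    for i in range(10):
        (prod / f"doc{i}.txt").write_text(f"invoice {i}\n")
    make_backup(prod, store, "gen-01")
    (prod / "doc0.txt").write_text("invoice 0 (amended)\n")   # ordinary drift
    make_backup(prod, store, "gen-02")
    make_backup(prod, store, "gen-03")
    for i, p in enumerate(sorted(prod.glob("*.txt"))):        # simulated encryption
        p.write_bytes(bytes((i * 37 + j) % 256 for j in range(32)))
    make_backup(prod, store, "gen-04")
    (store / "gen-03" / "data" / "doc5.txt").write_text("tampered\n")
    good = last_known_good(store)
    result = {
        "verify": {g.name: verify_backup(g) for g in generations(store)},
        "last_known_good": good.name if good else None,
        "pruned": prune(store, keep=3, protect=good),
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Two design points carry over to real tooling: retention is counted in generations rather than days, so that a slow-moving compromise cannot age out every clean copy, and pruning takes the known-good generation as a protected argument so that a retention job can never delete the one copy you would restore from. The 50% change threshold is a constructed default; tune it to the normal churn of the data set.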

Make a plan: Prepare now for what to do in case of a breach, and practice carrying it out. Make sure you have a plan for what happens to your data in the event of an incident. An incident response plan should set out the immediate actions the business needs to take. These may include shutting down or locking down computer systems, failing over to a backup site, or physically removing critical documents and sensitive equipment.

Learn more: steps to developing an IRM program

See the original article on risk and compliance issues
