Most cybersecurity leaders say real-time alerting would have helped them with the most severe or disruptive events they have been forced to deal with, but more than half say they still don't have real-time alerting solutions in place, according to new research.
However, this appears to be changing and real-time alerts will be significant focus areas in 2023 as the research also discovered these capabilities are seen by stakeholders as the most critical features to be added to risk management platforms.
The research was carried out by Forrester Consulting and commissioned by AI company Dataminr to evaluate the state of enterprise risk management (ERM) at midsize to large enterprises across industries in the North America, Europe, and APAC regions.
Forrester surveyed 500 risk leaders to inform the commissioned study titled Constant Disruption Is The New Status Quo, and found that organisations encounter significant organisational, strategic, and technological barriers when implementing an effective ERM strategy.
The study also found that nearly 70% of respondents said their organisations experienced at least two critical risk events in the past year, while over 40% experienced at least three, and nearly 20% suffered six or more incidents.
"Following the unprecedented events of the past three years, this research illustrates that now, more than ever, it is crucial for businesses to have a system in place to discover and manage major physical and cyber risk events," says Jason Edelboim, President and COO of Dataminr. "These findings have been incredibly valuable to help demonstrate the utility of Dataminr's real-time alerts—ultimately giving clients an earlier line of sight into high-impact events and emerging risks that could impact their organisations."
Plans to increase investment in real-time alerts
The survey found that 70% of respondents believed that optimised, real-time alerting would have helped them significantly or totally reduce the harm of the most serious or disruptive events their organisation faced last year. Fifty-six percent of respondents indicated they don't have real-time alerting solutions in place today, but 62% plan to implement or expand their use of such tools, and 54% plan to increase investment over the next 12 months.
Four key findings emerged in the research:
- Many risk leaders are taking too narrow a view of the systemic risks their organisations face. Business risk will become more, not less, complicated to manage in the future, and fewer than a third of risk leaders completely agree that risks to their business can come from anywhere.
- Risk strategies have significantly advanced over the past few years but still have a long way to go. Just 36% of respondents have a C-suite champion leading risk management today.
- Cybersecurity and real-time alerting capabilities will be major areas of focus going forward. Respondents were most likely to cite cyber risk tools and real-time alerting capabilities as the most critical features their next risk management platform must include.
- Successful ERM implementations are driven by aligned leadership, vision and technology. Organisations with highly effective ERM strategies were 27% more likely to have a C-suite leader for ERM, compared to those from lower-maturity organisations. C-suite champions are empowered to work across organisational silos and coordinate with other business leaders.
The survey also found that only 18% of respondents reported that their current ERM strategies are effective or very practical across all five capabilities surveyed, including identifying, evaluating, monitoring, responding to, and communicating about risk.