How Risk Aligned is Your Business?

HOW RISK-ALIGNED IS YOUR BUSINESS?Your business is only as strong as its security program. Take this quiz to find out how aligned your security program is with the wider business strategy.Start the QuizQuestion 1 of 5. Does the security team work with business leaders to evaluate and plan risk management?No. Security risk is completely separate.Yes and no. They're both addressed, but business risk is the priority.Yes. Security risk is fully integrated with business risk.Only 18% of organizations score high in the alignment of their business objectives with their security program management. Optiv Security, 2018.Question 2 of 5. How often do C-suite and board members evaluate security risk?Never. Risk is only discussed within the security team.Annually. We do an assessment and the C-Suite sees a report.Regularly. We adjust our strategy and security program based on results.67% of boards of directors are putting pressure on senior executives to increase management involvement in risk oversight.Question 3 of 5. What role does compliance play in managing security risk?It's minor. We don't worryu about compliance too much.It's the goal. We seek only compliance.It's an outcome. Having a holistic security strategy ensures compliance.The average cost for organizations that experience non-compliance incidents involving data is $14.82M.Question 4 of 5. Is the business prepared to respond and recover in the likely event of an attack?No. It'd be pure panic mode.I think so? We have controls in place for it, anyway.Yes. We have a formal incident response plan, and practice it.77% of organizations do not have a formal cybersecurity incident response plan in place. Ponemon Institute sponsored by IBM Resilient, The Third Annual Study on the Cyber Resilient Organization, 2018.Question 5 of 5. Do security leaders communicate security health to business leaders regularly?Not really. Business leaders wouldn't understand what is is anyway.Mostly. We alls tay on top of emerging threats and attacks.Yes. We make time to learn and educate them in a meaningful way.Only 12% of organizations score a medium rating or higher for their ability to report solid security metrics. Optiv Security, 2018. Based on your responsesYour security program isn’t as aligned as we’re sure you and other business leaders would like it to be.You’re not alone. Only 18% of organizations Optiv assessed scored high in the alignment of their business objectives with their security program management. YOU MIGHT BE SPEAKING DIFFERENT LANGUAGESC-suite and board members speak about risk in terms of business impact, financial loss and reputation. To have a productive conversation with business leaders, security professionals have to translate IT speak into how security issues impact overall business objectives.Based on your responsesYour security program could benefit from some fine-tuning.

There appears to be alignment (great!), which puts you ahead of many organizations. In fact, only 18% of organizations Optiv assessed scored high in the alignment of their business objectives with their security program management.

THERE'S OPPORTUNITY TO HONE IN ON WHAT MATTERS MOSTIt’s essential to work with business leaders to understand and articulate enterprise business objectives so that, together, you can build a security strategy and program that enables adaptive, risk-based decision-making.Based on your responsesYour security program is in lock step with your business strategy.Your program and business strategy are so in sync they finish each other’s sentences––a rarity in today’s digital world. In fact, only 18% of organizations Optiv assessed scored high in the alignment of their business objectives with their security program management. RISK MANAGEMENT IS AN ONGOING ACTIVITYSmart and sustainable security programs are the product of regular conversations, decisions and inputs that enable adaptive, risk-based decision-making. So keep the conversation with business leaders going!Get the bigger picture. Contact Optiv for a full risk assessment and evaluation attuned to your business needs.