Analysts Answer: What’s the Best Way to Plan for Risk?

Gartner analysts share why risk management activities and tying risk management to the organizations strategy are key in 2017.

Security leaders in 2017 are tasked with the challenging prospect of securing technology in a rapidly changing digital world.


Ahead of Gartner Security & Risk Management Summit 2017, Smarter With Gartner reached out to analysts presenting at the event to learn the best way to manage and plan for risk.

What’s the best way to manage and plan for risk in 2017?


In 2017, companies continue to struggle to manage IT, operational and strategic risks in an integrated way. As a result, today only 25% of companies view risk management as an important strategic tool. Gartner’s new approach, called integrated risk management (IRM), is keenly focused on bridging the gaps between specific risk management domains such as vendor risk management and business continuity. At the same time, IRM provides a way for companies to link risk and performance management to propel their businesses forward in a safe and secure manner.”  



The best way to manage risk in 2017 is to drive better decision making through your risk management activities. Address risk-engaged culture with your non-IT executives and get them involved. Stop any risk management activity that is essentially a time-wasting, paper-pushing process that delivers no value.


MatthewStamperShort answer…ensure your risk management program is tied to the organization’s strategy and mission. Develop a strong working knowledge of the risk tolerances and how they impact the enterprise. Remember, without risk, there’s no reward.  

Gartner Digital Workplace Summit

Insights, advice and tools to help digital workplace and IT leaders achieve their most critical priorities 

Learn More



JeffreyWheatmanLearn your business. Without a comprehensive understanding of your enterprise’s strategy, goals and objectives, it is inevitable that you will be caught flat-footed and blindsided.

Be a better and more effective communicator — the old approaches of purely quantitative risk communication don’t work. Leverage risk perception and sentiment.

Remember that risk management is another business discipline. If we act like what we do is magic, we won’t be invited to the important meetings.



Gartner Clients can learn more in John Wheeler's full research Top 10 Factors for Integrated Risk Management Success, by

John A. Wheeler, et al.

Get Smarter

Follow #Gartner

Attend a Gartner event

Explore Gartner Conferences

Gartner IT Roadmap for Cybersecurity: A Resilient Strategy

Gartner IT roadmap for cybersecurity based on unbiased research and...

Learn More


Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching