Security and risk management leaders responsible for information security must evolve their practices and organizational cultures to keep pace with the digital business era.
“Risk management, governance, business continuity and people — the most important asset — are critical elements of a successful risk and security program,” says Earl Perkins, Vice President, Analyst at Gartner. “When allocating resources and selecting products and services this year, security and risk management leaders should consider three important strategic planning assumptions.”
By 2022, 40% of business continuity management (BCM) programs will be integrated into the digital business risk management structure rather than exist as separate practices.
The momentum of digital transformation projects within digital business will outpace the ability of organizations to accommodate changes related to security. Concurrently, the growing need to provide 24/7 technology services to support digital business and customer-facing services is changing the way that organizations interact internally and externally. These changes, as well as the constant threat of cyberattacks, will lead organizations to formalize the relationship between BCM and digital information security functions.
“Stakeholders should be urged to accept BCM as part of the organizational structure,” says Perkins. “Managers within the digital business who oversee the delivery of critical activities will need to gain the necessary skills to engage with resilience planning as a business-as-usual function.”
Through 2022, 30% of large enterprises will build a security skills management program including experimental recruiting and talent development practices.
Cybersecurity risks are increasing despite the efforts of trained security professionals. Organizations continue to struggle with attracting, retaining and developing security talent.
Organizations must change their talent development and recruiting practices to be able to address missing skills. Start by building and developing a list of new competencies and skills required to support digital business initiatives. Then adapt short-term skills management practices by outsourcing security functions to managed security service providers (MSSPs) and/or delegating responsibilities to other internal staff.
By 2022, 75% of organizations that outsource email and collaboration tools won’t meet their critical recovery objectives during a supplier outage.
Email and collaboration applications are considered mission-critical resources for most organizations. Conducting business without them can impede production, result in lost transactions and hamper crisis management activities. When an organization outsources these applications, many suppliers do not provide recovery within short timeframes.
“It’s imperative for the organization to maintain internal control and governance over all applications used in the delivery of products and services,” says Perkins. “It is also crucial to understand your vendor’s recovery commitments and communication protocols for outages to ensure they meet recovery requirements.”