Cloud computing ranks as the top risk concern for executives in risk, audit, finance and compliance, according to a recent report from Gartner.
While cloud computing presents organisations with novel opportunities, a number of new risks — including cyber security disclosure and General Data Protection Regulation (GDPR) compliance — make cloud solutions susceptible to unexpected security threats, said Gartner’s latest 2Q 2018 Emerging Risks Report, which was based on responses of 110 senior executives in the surveyed sectors.
Information security risks
Additional information security risks, such as cyber security disclosure and GDPR compliance, ranked among the top five concerns of the executives surveyed.
The top two fast-moving, high-impact risks — those which have the ability to cripple an organisation quickly — are also related to information security threats. Social engineering and GDPR compliance were cited as risks with the ‘highest velocity’—most likely to cause the greatest enterprise damage if not adequately addressed by risk management leaders, according to Gartner. However, only 18% of the cross-functional executives surveyed currently considered social engineering to be a significant enterprise risk.
Executives should expect cyber security threats to affect organisations in unpredictable ways, said Gartner. Through 2022, at least 95% of cloud security failures will be the fault of the organisation. As more sophisticated tactics such as social engineering are engineered to compromise sensitive data, organisations should expand their cyber security team to address evolving digital risks.
Increased cloud adoption must keep up with new risks
“Executives are right to expand cloud services as part of their digital business initiatives, but they need to ensure their cloud security strategy keeps up with this growth,” said Gartner practice leader Matthew Shinkman. “Leaders should start by clearly identifying their most at-risk areas, which remain obscure to many large organisation leaders.”
Gartner forecasts cloud computing to be a $300bn business by 2021, as companies increasingly adopt cloud services to realize their desired digital business outcomes. Through the use of cloud services, cloud computing provides the speed and agility that digital business requires. Adopting the cloud can also result in significant cost savings and generate new sources of revenue.
Organisations still finding it tough to stay secure
Results from Gartner’s report, however, reveal that companies continue to struggle with security. Despite record spending on information security in the last two years, organisations have lost an estimated $400bn to cyber theft and fraud worldwide. As cyber security events and data breaches increase, it is imperative that organisations elevate IT security to a board-level topic and an essential part of any solid digital business growth strategy.
“Executives should promote risk awareness throughout the organisation,” said Mr Shinkman. “A strong risk culture helps employees make the right decisions and mitigates poor outcomes.”
More details can be found here. The top 10 risks for risk, audit and compliance executives in 2Q 2018 can be summarised as follows:
- Cloud computing
- Cyber security disclosure
- AI/robotics skills gap
- Global economy
- AI accountability
- Business ethics
- Risk aversion
- Social engineering