As digital platforms have become stalking grounds for ever more cunning cyber criminals, awareness of cyber risk has reached critical mass. Cybercrime and data privacy risks now have the potential to affect every aspect of a company’s operations, and that threat only becomes greater as industries expand their interface with the Internet of Things and other emergent technologies. In response, leading companies have begun to think more proactively and strategically about cyber risk. They understand that cybersecurity solutions can not only protect but also enable the enterprise: facilitating business growth, creating market advantages, and building brand trust.
To study organizations that excel at managing cyber risk and to determine how well our survey respondents are positioned for the new cybersecurity reality, we created a cyber risk management maturity curve. Our analysis shows that advanced cyber risk management maturity is an indicator of advanced risk management capabilities in other areas, with high-scoring companies reporting greater ability to manage strategic, operational, brand, regulatory, financial, and other key risks.
Across sectors, all of our survey respondents expect cyber risk to cause significantly more corporate disruption in the years ahead.
The data is clear: Companies with high cyber risk maturity have better risk cultures.
“While companies are feeling more confident in their capabilities, they remain on a purely defensive footing against cyber risk and have not adopted leading practices that can help grow their competitive edge vis-à-vis cybersecurity and the market.”
Across sectors, all of our survey respondents expect cyber risk to cause significantly more corporate disruption in the years ahead. In the face of this new normal, companies with highly developed cyber risk management practices will enjoy a clear competitive advantage.
The highest-maturity respondents reported all four of the following practices:
Only 3% of our 1,581 respondents scored very high on the curve, while 6% scored high and 17% scored at the mid-level. Remarkably, two-thirds of respondents (66%) scored in the low maturity bracket (e.g., employing only one of these four maturity criteria) and 8% scored as having no cyber risk management maturity.
Improving a company’s cyber risk management maturity appears to have benefits beyond the obvious. Our analysis shows that such maturity is an indicator of advanced risk management capabilities in other areas, with high-scoring companies reporting greater ability to manage strategic, operational, brand, regulatory, financial, and other key risks. On every measure of risk culture, high-scoring companies dramatically outpace respondents overall.
Mirroring our Front Liners’ higher growth expectations, respondents that use all four mature cyber risk management practices show a 63% expectation of profit margin growth during the next two years versus 50% of other respondents. Companies scoring highest on the curve are also somewhat more likely to anticipate revenue growth (75% vs. 71%).