Cyber Risk Quantification and Prioritization is the Future of GRC

Predictions for 2021 and Beyond

by Matt Kunkel
January 20, 2021

LogicGate CEO Matt Kunkel shares thoughts on what businesses and risk management professionals can expect in the GRC space in the near future, including how risk prioritization and quantification may define GRC in the years to come.

2020 brought massive business disruptions, economic challenges and increasing consumer privacy and data legislation unlike anything we’ve seen before. And while governance, risk and compliance policies were previously a back-office function, stuck in spreadsheets and rarely revisited, the unprecedented hurdles we experienced this year have made many organizations reconsider their focus, or lack thereof, on GRC and cyber risk.

“Risk” is considered a four-letter word within the walls of many enterprise organizations. It’s a scary thing to be avoided, a cost to be reduced, an asset to be protected. That all changes in 2021. Forced into the light by the pandemic, GRC practices will become catalysts for top-line revenue creation. Risk leaders will have quicker clarity. More efficient controls and audit processes will help them land new business and make decisions more closely tied to revenue than ever before.

In order for this to be a reality, risk professionals must learn to speak in terms that the board will understand: dollars and cents. To achieve a reality in which ROI conversations become about revenue generation instead of risk reduction, risk leaders must focus on the prioritization and quantification of risk. This reality ultimately allows for the mitigation of key risks so that businesses can take on more strategic risk to drive growth and top-line outcomes.

Cyber Risk on the Rise

When we think about the risks an organization faces each day, information and cybersecurity risks are a top concern. In fact, cyber risk was ranked as a top-five priority by 79 percent of global organizations in the 2019 Global Risk Perception Survey. And, while cyber risk may have started out as a technology issue, it is now an organization-wide problem.

Organizations face both internal and external cyber risks from either malicious or unintentional attacks. The recent increase in cyber risk is tied to an ever-growing reliance on third-party vendors and lightning-fast digital transformation timelines resulting from a forced remote-work atmosphere thanks to the COVID-19 pandemic. Mitigating cyber risk calls for an integrated approach and cross-divisional collaboration.

Mitigating Cyber Risk

Many of the procedures we rely on to drive growth and improve efficiency — outsourcing, reliance on vendors, cloud storage and remote access, to name a few — also increase our cyber risk exposure. So, how do we mitigate it?

  1. Complete a threat assessment. Identify the applications and databases subject to risk, understand the impact of a risk incident on the organization and quantify the financial, operational and reputational impact of the risk.
  2. Build a framework for rating risks. Agree as an organization on what your risk appetite is. Consult reliable risk standards and communicate to the entire organization how you plan to prioritize risks.
  3. Invest in tech. Make risk reporting, compliance and transparency simple by working with a GRC technology vendor to gain a single, company-wide view of risk.
  4. Never stop learning. Technology evolves quickly. Regulations, requirements and legislation change daily, particularly if you enter highly regulated industries. Bad actors become smarter and more tech-enabled every single day. Invest in ongoing training for the front lines of your org — not just the GRC team.

Quantifying and prioritizing these types of risks allows an organization to identify the risks that are mission critical — like overextended access to employee or customer data — and then resolve them. This will minimize an organization’s risk of a data breach and allow the company to take on additional, strategic risk, like opening a new branch or acquiring competitors in the space. In 2021, cyber risk will have a seat at the boardroom table with a significant focus on quantification, prioritization and, ultimately, mitigation.


Matt Kunkel

Matt Kunkel is Co-Founder and CEO of LogicGate. Prior to LogicGate, he spent over a decade in the management consulting space, building technology solutions to operationalize regulatory, risk and compliance programs for Fortune 100 companies. It was during this time he learned the skills to realize his true calling: building world-class companies that meaningfully affect the lives of others through user-friendly technology. Given his extensive background in the GRC space, Matt regularly speaks and consults on risk and compliance topics. Recently, he was named an Ernst & Young finalist for the Entrepreneur of the Year® 2020 Midwest Award.
