Corporate Compliance Insights

Security and Privacy: Head-on Collision or Blissful Matrimony?

by Matt Shinkman
December 16, 2015
in Risk
with co-author Daniel Herd

Identifying and managing emerging risks is perennially a top concern for most organizations, as an unforeseen threat can quickly impact company operations in a significant way. CEB research shows that progressive companies regularly scan for new risks and embed systems and processes that enable them to detect risks early. They also work to uncover risks by encouraging contrarian thinking and questioning strategic assumptions.

With this in mind, every quarter, we survey senior executives in risk, audit, finance and compliance at leading companies on key emerging risks and the potential impact, probability and velocity for their organizations. The dashboard in Figure 1 captures the percentage of survey respondents that select a given emerging risk as one of their top five concerns, giving us insight into which emerging risk events are the most important to companies.

Figure 1

Emerging? Emerged? Enterprise? What’s the Difference?

We are often asked how we define “emerging risk” and about the difference between an existing and an emerging risk. While some consider this to be more semantics than substance, the confusion that often arises in conversations about new risks warrants a specific definition. For example, some clients we work with wonder why we haven’t included cybersecurity on our list of emerging risks, despite its prominence as a top risk for most companies. However, is cybersecurity really a new risk? Can we reasonably say that it is truly emerging, or has it already emerged to be front-and-center for most organizations?

Based on our conversations with ERM leaders at more than 300 companies, we have concluded that an emerging risk takes the form of a systemic issue or business practice that has either not previously been identified or has yet to cause significant concern. Given that the complexity of emerging risks often leads to a high level of uncertainty, an emerging risk frequently leads to the implementation of an interdisciplinary risk treatment plan.

Data Control

Data control is a risk that has recently risen to the top of many leaders’ lists of concern. Cases of cyber hacking and fraud have expanded national security priorities beyond traditional national security efforts into the private sector. Recent hacks of the OPM, IRS and CIA Director have put a spotlight on the hacking attempts organizations in the private sector face on a daily basis and the potential for national security concerns that could result (imagine a hack of a nuclear power plant). This has led the government to expand national security priorities and begin mandating heightened and more formal cooperation between the public and private sector in order to facilitate the tracking of potential threats.

However, many in the private sector have resisted these efforts, with some arguing that collaboration should not come at the expense of customers’ privacy. Further, some companies have raised concerns that close cooperation between the private sector and U.S. government authorities could be perceived by foreign investors and authorities as threats to their own national security. This leaves these firms with higher barriers to market entry and a tougher regulatory environment.

The concerns surrounding data control have never been more prevalent than they are today, especially with the recent U.S. Senate passage of the Cybersecurity Information Sharing Act (CISA), which is expected to be signed into law in early 2016. CISA authorizes private entities to share information about cybersecurity threats and defensive measures with the federal government. There are a number of protections for companies in the legislation that encourage them to be active participants in this information sharing. However, while broad consensus has emerged in the last few years regarding the need to enhance sharing of cybersecurity threat information both within the private sector and with the government, these protections largely do not address the concerns of foreign investors.

What the Best Companies Do

Although in many cases companies are prohibited from disclosing their cooperation with government authorities, leading companies are transparent about information disclosure and work with government authorities to ensure new regulations requiring private sector cooperation are reasonable. They also empower employees to participate in public debate about key issues, such as data sharing, that could adversely affect the company. Progressive organizations also track legislation and use a legislative response strategy that evaluates, shapes and prepares them for the consequences of legislative change.

While some organizations worry that the increasing role of government in controlling data flows could lead to resistance among the private sector, foreign partners and investors, there is an opportunity to influence legislation and comply effectively. Progressive companies take steps to ensure that, when it appears that security and privacy concerns are on a collision course, a marriage of common interests is still possible.


Matt Shinkman

Matt Shinkman is Practice Vice President for Risk and Audit at Gartner, where he counsels senior risk management and strategy professionals from Fortune 500 companies on the development of their risk management teams and processes. Gartner is a research and advisory company headquartered in Stamford, CT. Gartner helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions.
