In the report, 110 senior executives in risk, audit, finance and compliance at large global organisations identified cloud computing as the top concern for the second consecutive quarter. Additional information security risks, such as cybersecurity disclosure and GDPR compliance, ranked among the top five concerns of the executives surveyed.
The top two fast-moving, high-impact risks — those which have the ability to cripple an organisation quickly — are also related to information security threats. Social engineering and GDPR compliance were cited as most likely to cause the greatest enterprise damage if not adequately addressed by risk management leaders. However, only 18 percent of the cross-functional executives surveyed currently considered social engineering to be a significant enterprise risk.
Executives should expect cybersecurity threats to affect organisations in unpredictable ways. Through 2022, at least 95 percent of cloud security failures will be the fault of the organisation. As more sophisticated tactics such as social engineering are engineered to compromise sensitive data, organisations should expand their cybersecurity team to address evolving digital risks.
Matthew Shinkman, practice leader at Gartner, said, “Executives are right to expand cloud services as part of their digital business initiatives, but they need to ensure their cloud security strategy keeps up with this growth. Leaders should start by clearly identifying their most at-risk areas, which remain obscure to many large organisation leaders.”
Gartner forecasts cloud computing to be a 300 billion dollar business by 2021, as companies increasingly adopt cloud services to realise their desired digital business outcomes. Through the use of cloud services, cloud computing provides the speed and agility that digital business requires. Adopting the cloud can also result in significant cost savings and generate new sources of revenue.
Results from Gartner’s Emerging Risks Report, however, reveal that companies continue to struggle with security. Despite record spending on information security in the last two years, organisations have lost an estimated 400 billion USD to cyber theft and fraud worldwide. As cybersecurity events and data breaches increase, it is imperative that organisations elevate IT security to a board-level topic and an essential part of any solid digital business growth strategy.
“Executives should promote risk awareness throughout the organisation,” Mr. Shinkman stated. “A strong risk culture helps employees make the right decisions and mitigates poor outcomes.”