Skip to main navigation

Technology risk management in a cyber world: a C-suite responsibility-What’s the fix? - EY - Global

Technology risk management in a cyber world: a C-suite responsibility

What’s the fix?

  • Share

In a hyper-connected world, no organization can be 100% secure.

Organizations need to ensure that they are secure enough to protect customer information and intellectual property and avoid potential lawsuits, brand damage and loss of shareholder value.

Five actions the C-suite will need to consider:

  1. Identifying and quantifying the real risks. The technology risk management lifecycle is a process that:
    • Defines how the external threats specifically apply to the company
    • estimates their potential business impact
    • Defines the possible legal consequences
    • Considers the risk management options based on a cost/risk reduction analysis
    • Presents a prioritized financial-based set of risk management options for all relevant risks
    • Makes a business decision based on the company’s risk tolerance
    • Executes the decision

  2. Protecting what matters most. Senior executives should champion a risk management strategy to protect business growth, brand and high-value data and systems, as well as improve processes that control liability by putting in place programs that help detect, deter and respond to breaches both internally and externally.

  3. Sustaining an enterprise-wide program. The management of technology risks needs to be a board-level priority, where executives understand that well-established risk management practices need to be applied to security-related risks.

  4. Optimizing for business performance. Aligning all aspects of technology risks with the business, including information/cyber security, privacy, and physical and business continuity/resiliency, will not only protect the bottom line, it will also generate cost efficiencies and improve performance.

  5. Enabling business performance. Safeguarding against cyber breaches and protecting the organization’s critical assets should is rapidly emerging as a board fiduciary responsibility. When done well, the proposed enterprise-wide program can enable business performance through faster product launches, more effective customer communication and higher-quality information for decision-making.

<< Previous | Next >>


Answers to your questions, at a glance

5: insights for executives series asks five questions to get to the core of an issue – and answers them at a glance.

Related content


Contact us

Back to top