State of enterprise risk management 2020

In a constantly changing business landscape, new risk can emerge quickly, allowing little time for enterprises to respond. Enterprise leaders often question if they are too risk averse, not risk averse enough, or if they have invested the right amount in risk management.

To help answer these questions and guide their risk management initiatives, ISACA, Infosecurity and CMMI Institute conducted global research among risk professionals and leaders. This research answers questions such as:
  • How has your organization’s risk level changed in the past 12 months?
  • How mature are your risk management processes?
  • What is the most critical category of risk facing your organization today, and what will it be in the next 18-24 months?
  • What are the top mitigation controls in your organization to protect against a critical cybersecurity failure?
  • When a new threat or vulnerability is detected, how long does it take your organization to put countermeasures in place to mitigate it?

View the report, graphic and insights below to see how 4,500 risk specialists answered these questions and more—and how your organization compares.


New Release

Blog Post

Practical Recommendations for Better Enterprise Risk Management
by Tracey Dedrick,
ISACA board director


Tichaona Zororo

“The opportunities presented by digital technologies are numerous and so are the risks. Enterprises should seek to realize the benefits of disruptive technologies while also optimizing the plethora of cyber risks that come with them. Risk should be integrated into strategy formulation. The board and senior executives should always ask what can go wrong and how that will be addressed to realize enterprise strategic and performance objectives.”

Tichaona Zororo
Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor, CIA, CRMA ISACA board director and IT Advisory, with EGIT | Enterprise Governance of IT (Pty) Ltd.
Rachelle Loyear

Although the earliest adopters of the digitized 4th Industrial Revolution were in manufacturing, the drive to digitize and automate is now ubiquitous — in everything from ordering a burger, to checking into a hotel, to calling your smart car to drive itself from its parking spot and pick you up…valet parking without the tip! This is the vanguard of a trend that is not slowing down, but is heading directly for the security industry. This movement is bringing the security industry into the world of Security 4.0, whether we are prepared to meet the risks associated with it or not.”

Rachelle Loyear
Rachelle Loyear VP of Integrated Security Solutions for G4S Americas
Raef Meeuwisse

“The challenge with resolving cybersecurity risk is that it is expensive. Security is most cost-efficient when it has been designed in from the very beginning. The later a security fix is applied, the greater the cost to fix the problems. Just look at any company that has incurred major financial and reputational damage due to a megabreach. How much cheaper would it have been to have implemented better security in the first place?”

Raef Meeuwisse
Raef Meeuwisse, CISM, CISA ISACA expert speaker and author of Cybersecurity for Beginners