
Manage Tomorrow's Surprises Today

Steven Minsky

Average U.S. Data Breach Tops $6.5 Million: How can ERM Help?


As I have covered in past articles, proponents of ERM face one primary challenge when presenting their program (or potential program) to management - is ERM worth the investment?

"We are all facing the same challenge of not having a clear way to quantify [the benefits of ERM]," says Puneet Kapoor, Walgreen Co.'s Director of ERM. Recent research, however, now provides the hard data that many in Kapoor's position are seeking - significant evidence that ERM carries financial benefits alongside strategic and operational advantages.

An independent study conducted by Queen's University Management School and University of Edinburgh Business School concludes there is "a highly significant premium of 25% for firms that had been classified as having 'mature ERM' according to the RIMS Risk Maturity Model."

Former RIMS President and current international director at Jones Lang LaSalle Inc. Janice Ochenkowski states, "ERM shouldn't exist to be a profit center, a cost center or a group within an organization. Rather, it ought to serve as a catalyst for raising the awareness of risks, and reduction and mitigation of those risks. The success of a good enterprise risk management program is that operationally your managers are thinking about risk and reward as they go about their tasks on a daily basis." Enterprise risk management is the most effective means of streamlining these processes, managing risks, and preventing the oversights around policies and procedures that lead to loss events.

When considering the effective management and prevention of future loss events, significant financial returns become evident. The challenge for ERM proponents is communicating those benefits to their executive counterparts, who tend to view ERM as a long-term overhead cost rather than an operational efficiency.

As loss events such as cyber hacks and data breaches increase - both in frequency and size - it is clear just how necessary a mature risk program is. A study from Ponemon Institute and IBM found that the average cost for corporate security breaches has jumped 23% in the past two years alone. This increase brings the average international breach up to $3.8 million. Even more noteworthy: the average U.S. corporate breach now tops $6.5 million.

With loss events now more likely and impactful, it is as critical as ever for organizations to adopt ERM software to assist in their risk management efforts.

To see how LogicManager works with companies to manage risk and mitigate loss events, request a demonstration of our software. Also, read our annotated guide on SEC Mandated Cybersecurity Best Practices to learn how best to manage cyber risk from all areas of the enterprise.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven Minsky is the CEO and Founder of LogicManager, the recognized leader of enterprise risk management solutions, and is also the developer of the RIMS Risk Maturity Model for Enterprise Risk Management™. LogicManager provides a common, intuitive software-as-a-service platform of scientifically validated enterprise risk management decision and diagnostic tools for more effective corporate governance, risk and compliance.
