Cyber risk management confidence is high

Cyber risk has become top of mind at any organization.

The 2023 RiskOptics Cyber Risk Viewpoints Report indicates that while this is true, there appears to be a disconnect between confidence levels and the actual ability of organizations to put their cyber risk programs into action.

Security leaders are confident they have the right processes (93%), people (90%), technology (90%) in place for cyber risk management.

Yet challenges persist

According to respondents, the biggest challenges that organizations face when building an effective cyber/IT risk management program are:

  • Increased quantity and severity of cyber threats – 49%
  • A lack of funding – 37%
  • Lack of staffing/cyber risk talent – 36%
  • Lack of understanding of cyber/IT risks from leadership – 35%
  • Inability to communicate cyber/IT risk effectively – 32%
  • Outdated technology – 32%
  • Inefficient processes – 31%
  • Leadership turnover – 29%

The Stakes are High

The consequences of a failed cyber/IT risk management system that respondents fear most are:

  • 30% A security breach
  • 21% Reputational damage
  • 18% Loss of business opportunities

And there’s little agreement around what the risks actually are

Risk management is clunky at best and misunderstood at worst.

Despite the high level of confidence organizations have when it comes to their risk management systems, it may pan out differently when put into practice.

In fact, cyber and IT risk management proves to still be a confusing space, even for those who work in it.

  • 45% defined risk the same way
  • 47% defined threat the same way
  • 52% of SVPs say their biggest challenge is a lack of understanding of cyber/IT risks from leadership.

Risk management is more complex than it needs to be

46% say its easier to sign up for health insurance than perform a cyber/IT risk management task.

IT teams struggle to keep up

Among the challenges organizations are facing, staffing and employee turnover landed in the top three, indicating that bandwidth is likely playing into decisions when it comes to cyber/IT risk management programs.

Here’s what cybersecurity risk practitioners are saying2:

  • 80% “Cyber/IT risk team leaders are under-resourced.”
  • 79% “There has been significant turnover among the cyber/IT risk team.
  • 87%Pressure on our cyber/IT teams is increasing.”

The talent shortage deepens

IT teams are understaffed and being stretched thin—especially in cybersecurity.

3.4M cybersecurity workers needed worldwide.3

Result: Security gaps persist

With the automation and technologies available today, completing an audit should be relatively easy.

But unfortunately, even organizations with tools in place may not be using them to their fullest capabilities.

Because of these inefficiencies, some risk management tasks just aren’t getting done.

For example:

23% of organizations do not evaluate third-party vendors for risk.
What’s more concerning is this is happening more in highly regulated industries that have large ecosystems of suppliers and partners, including manufacturing (30%) and healthcare (25%).

Automation can help But it’s often underutilized.

56% use automation as part of their cyber/IT risk management process… but only 26% use it all the time.

The threat is real. The solution is clear.

In today’s cyber risk environment, it’s no longer enough to simply check the box or go through the motions. When done effectively, risk management can be used to give an organization an advantage by enabling the business to move fast and take on risk in a way that aligns with the organization’s risk appetite and tolerance.

The RiskOptics ROAR Platform provides a unified, real-time view of risk and compliance framed around business priorities, enabling CISOs and InfoSec teams to take a proactive approach to risk management while reducing manual work and surfacing hidden risk.

Quantify the impact of risk on your business, communicate that impact to key stakeholders and mitigate expensive data breaches, system failures, lost opportunities and vulnerabilities across your own and third-party data while adhering to compliance requirements.

Download the 2023 RiskOptics Cyber Risk Viewpoints Report now to learn more.


2 Percentage of respondents who strongly or somewhat agree with each statement.

3 (ISC)2 Cybersecurity Workforce Study 2022