Are we losing yet?

That’s what I asked myself after reading the IC3 Internet Crime Report, which shows:

  • A 22.3% increase in complaints over 2008
  • Total dollar loss from all referred cases was $559.7 million, **up over 110%** from 2008
  • Of the top five categories of offenses, identity thieft ranked second, at 14.1% of complaints; computer fraud (destruction/damage/vandalism of property) ranked fifth, at 7.9% of complaints.


The security industry readily admits that cyber-criminals are evolving their attack tactics faster than we’re evolving our defenses. How long can we continue to fall behind before we should start saying that we’re losing?


Top Challenges in Enterprise Risk Management

As I close out my client inquiry records for the quarter, it’s interesting to review some of the common challenges risk management professionals are currently facing. I was impressed to see how closely the issues I deal with were covered in the month’s edition of Risk Management Magazine. In an article entitled, “10 Common ERM Challenges,” KPMG’s Jim Negus called out the following issues:

  • Assessing ERM’s value
  • Privilege (of access to risk information)
  • Defining risk
  • (Selecting a) risk assessment method
  • Qualitative versus quantitative (assessment metrics)
  • Time horizon (for risk assessments)
  • Multiple possible scenarios
  • ERM ownership
  • Risk reporting
  • Simulations and stress tests


Negus provides good perspective on these challenges as well as some ideas for solutions. The list is fairly comprehensive, but there are several other challenges that I would have included based on the inquiries I get. First and foremost, the role of technology in risk management – whether for assessments, aggregation, or analytics – comes up very frequently, and vendor selection initiatives have been plentiful since mid-Q4 of last year.

Defining risk management’s role within the business (and vice versa) is also an extremely common topic of conversation. As rules and standards keep changing, this will remain a top challenge. Other frequent issues include event/loss management, building a risk taxonomy, and evaluating vendor/partner risk. 

Read more