Are we losing yet?

That’s what I asked myself after reading the IC3 Internet Crime Report, which shows:

  • A 22.3% increase in complaints over 2008
  • Total dollar loss from all referred cases was $559.7 million, **up over 110%** from 2008
  • Of the top five categories of offenses, identity theft ranked second, at 14.1% of complaints; computer fraud (destruction/damage/vandalism of property) ranked fifth, at 7.9% of complaints.

 

The security industry readily admits that cyber-criminals are evolving their attack tactics faster than we’re evolving our defenses. How long can we continue to fall behind before we should start saying that we’re losing?


Top Challenges in Enterprise Risk Management

As I close out my client inquiry records for the quarter, it’s interesting to review some of the common challenges risk management professionals are currently facing. I was impressed to see how closely the issues I deal with were covered in this month’s edition of Risk Management Magazine. In an article entitled “10 Common ERM Challenges,” KPMG’s Jim Negus called out the following issues:

  • Assessing ERM’s value
  • Privilege (of access to risk information)
  • Defining risk
  • (Selecting a) risk assessment method
  • Qualitative versus quantitative (assessment metrics)
  • Time horizon (for risk assessments)
  • Multiple possible scenarios
  • ERM ownership
  • Risk reporting
  • Simulations and stress tests

 

Negus provides good perspective on these challenges as well as some ideas for solutions. The list is fairly comprehensive, but there are several other challenges that I would have included based on the inquiries I get. First and foremost, the role of technology in risk management – whether for assessments, aggregation, or analytics – comes up very frequently, and vendor selection initiatives have been plentiful since mid-Q4 of last year.

Defining risk management’s role within the business (and vice versa) is also an extremely common topic of conversation. As rules and standards keep changing, this will remain a top challenge. Other frequent issues include event/loss management, building a risk taxonomy, and evaluating vendor/partner risk. 
