TECH SUPPLIER Sep 2019 - IDC Survey Spotlight - Doc # EUR145475019
How can European Enterprises Use Risk to Understand the Business Impact of Security?
This IDC Survey Spotlight illustrates how risk is the bridge by which security teams can aim to build influence amongst the broader business. Indeed, IDC's research shows that it is in risk optimization that the business views the primary opportunity for the security team to add value.
Key to this is the notion that, to understand the enterprise's risk posture, the security team must measure itself through the use of risk-based key performance indicators (KPIs). IDC research shows that progress is being made, with three of the top 10 European security KPIs being risk based in nature. However, the top 10 (especially the top 5) remains dominated by traditional measures such as time to resolution and total number of events.
This report draws upon IDC's European Security Strategies Survey, which was completed in July 2019. The purpose of the survey was to gain insights into the business and technical challenges, priorities, and strategic objectives of enterprises with respect to their security, privacy, and risk management activities. The survey gathered detailed replies from 700 respondents across a wide range of industries across Western, Central, and Eastern Europe.
"Risk is a critical concept for the security team as it provides a 'lingua franca,' enabling the security team to express itself in terms that the business understands. But risk can also help security teams to demonstrate the impact they provide for the business. To prove that they are oriented around supporting business outcomes, security teams must be able to show how they are measuring themselves in terms of enterprise risk optimization," said Dominic Trott, research director, European Security and Privacy.