Everyone knows that IT is a cost center. What many people don't know is that recognizing and leveraging the connection between security risk mitigation and profits can create profit margin growth.
While 73 percent of executives surveyed believe risks are on the rise, according to the new survey, "Risk in review: Decoding uncertainty, delivering value", PwC, April 2015, only 12 percent of those are successful risk management leaders. Over the most recent three-year stretch, 41 percent of that 12 percent produced an annual profit margin growth of more than 10 percent, according to the survey. Risk management doesn't simply mitigate risk, it magnifies net income.
CSO explores the relationship between risks and profits and how enterprises can use information security risk management to increase profit margin growth.
The risk management & profit margin growth relationship
"Information security risks affect profit margins by impacting enterprise reputations, share prices, and the ability to operate effectively," says Bill Sweeney, Financial Services Evangelist for BAE Systems Applied Intelligence. Good risk managers and management methods can counter that impact, producing profit margin growth.
"Effective risk management is more like brakes on a car. You don't have brakes to drive slowly, you have brakes to allow you to drive faster and stay in control," says Sweeney. Banks for example use capital to stay in control. Some financial institutions retain capital to guard against losses that are due to security breaches.
These capital set asides in the banking space are a great example of how the relationship between effective risk management and profit margin growth are a direct cause and effect relationship. "Effective risk management frees up capital for money making businesses. Ineffective risk management reduces capital available to the business," says Sweeney.
Using risk management to increase profit margin growth
"Because criminals continue to penetrate companies resulting in increased costs for protection and incident response, cyber risk is now an operational risk. Increased cost equals reduced profits. Enterprise information security risk management, which means operationalizing security, reduces loss and increases profit," says Sweeney.
To use risk management for profit margin growth, isolate the risks that are particular to your enterprise and industry vertical using best practices like those published by NIST or in the Federal Financial Institution Examination Council's IT Examination Handbook InfoBase for example. If there is a recognized security risk assessment for your industry, consider using it or a blended assessment including steps from other tests as well. Then follow these mantras as you use risk management to stir profit margin growth. First, know that the price of security is typically less than the cost of catastrophic network invasions.
Sign up for CIO Asia eNewsletters.