Over the last decade, the “digitalization” of internal business processes, and of those involving interaction between the company and its customers/users, has grown exponentially. Business processes are now increasingly reliant on IT assets, which were always an important key element in the past and have become a strategic resource today.
Cyber risk, which used to be considered a secondary risk, is now assuming greater relevance and is considered one of the most critical risks, for three main reasons:
- The strategic nature of the IT assets themselves
- The increase in “attacks” on IT infrastructures, caused by the greater relevance and higher value that information has for companies
- The ease of performing “attacks”, due to the very low cost of carrying out most offensive actions
Cyber Risk has thus turned into Business Risk.
Therefore, information security must be managed organically and integrated across the various organizational functions. Above all, it must increasingly become a matter for top management's attention, as is the case for other risks such as market, technology and credit risk.
The goal is the full integration of cyber risk into enterprise risk management, starting from the definition of a strategy and a proper management process.