The CSO Roundtable of ASIS released the results of a comprehensive enterprise security risk management (ESRM) survey.
The survey, conducted in fall 2009, asked which risks were the most challenging, where organizational support for ESRM initiatives came from, which business elements were included, what security’s role in the process was, who had ultimate responsibility for risk, and other benchmarking questions. More than 280 people responded to the survey.
The survey revealed that database theft, network failure, and economic problems are top concerns for today’s security personnel. CSOs reported that the greatest non-security risk they face is the downturn of the economy, followed by business issues, such as competition and regulatory pressures. More than half of the CSOs surveyed said that their security departments are involved in researching, prioritizing, mitigating, or evaluating these non-security risks.
Survey results indicate that the vast majority of security professionals believe that excellent business management, leadership, and communication skills – not security expertise – are the traits that will lead to success in ESRM.