AuditBoard Survey Reveals Most Enterprise Digital Risk Management Programs Not Mature Enough to Address Today’s Risk Environment

Only 30% of enterprises are actively mitigating digital risks, although over 90% of risk leaders have them on their radar.

LOS ANGELES, CA — April 28, 2022 — AuditBoard, the leading cloud-based platform transforming audit, risk, and compliance management, today announced the results of their 2022 Digital Risk Maturity Survey, which found that despite the increasing pervasiveness of digital risks, many risk management programs are not maturing quickly enough to keep pace. The survey results are being announced in conjunction with InfoSec Compliance Now 2022, AuditBoard’s virtual event that brings together industry leaders to explore the emerging trends and progressive approaches advancing the IT security compliance field.

Today, enterprises are more digitally dependent than ever, investing heavily in digital transformation efforts to modernize, gain efficiencies, and adapt to the enduring environment caused by the COVID-19 pandemic. AuditBoard’s Digital Risk Maturity Survey sought to discover how enterprises currently undertake digital risk management by surveying more than 125 risk leaders across a range of industries about their approaches to navigating today’s dynamic risk environment.

Key results of the survey include:

Enterprises are maturing, but not fast enough

While more than 90% of respondents have digital risk on their radar, only 30% are at a stage of maturity where they are actively mitigating digital risks. The majority of respondents (over 69%) revealed their organization is at an early stage of defining and assessing digital risks, and not yet mitigating or monitoring them continuously. Fragmented audit, risk, and compliance practices are a key reason for lagging maturity. Respondents reported managing digital-related risks separately as part of IT/cybersecurity (32%), operational risk (11%), enterprise risk (31%), or other areas of risk management (18%). 

Meanwhile, 78% of respondents have placed ownership of digital risks with functions outside of business operations (such as IT or security), which can lead to inappropriate categorization of these risks as technical or compliance-only and create siloed risk management efforts. To get ahead of digital risks, risk teams may need to make changes to keep pace with management and board expectations.

Enterprises are struggling to generate reportable metrics to quantify digital risk

84% of respondents currently do not report measurable metrics to their management. Of the minority who claim to use reportable metrics, 89% describe the activity as measuring only one component of digital risk, such as technology or fraud. These results indicate that most enterprises have not yet reached the level of maturity to capture the metrics needed for continuous risk monitoring throughout their digital transformation journey, despite the critical importance of analytics to a successful risk management program.

Investing in risk management technology is essential to keep pace with expanding digital risks

While 38% of respondents said they are managing digital risk manually using spreadsheets, shared drives, and email, over half (51%) reported using some form of risk management software. Of those leveraging technology, 32% report using cloud-based risk management software. The ability to analyze data provided either directly by a third party or indirectly through an independent data source (such as a security ratings service) is essential for such a complex risk environment. This underscores the importance of cloud-based technology, whose integration capabilities ensure the transfer of large amounts of data between systems. 

“With the rapid acceleration of digital risk, it’s imperative that business leaders from the boardroom to the C-suite make digital risk management a top priority to safeguard their success,” said John Wheeler, former Gartner IRM Analyst and Senior Advisor, Risk and Technology at AuditBoard. “To achieve better visibility and understanding of strategic, operational, and technology risks across the business landscape, enterprises must adopt an integrated risk approach supported by the right technology — allowing them to accelerate program maturity and actively manage digital risk in today’s increasingly volatile environment.”

AuditBoard collected data from more than 125 enterprise risk leaders in an online survey from March 2–13, 2022. To see the full results of AuditBoard’s 2022 Digital Risk Maturity Survey, please visit AuditBoard.com.