Is Your Company Taking Risk Reduction Too Far? According to CEB, 72% of Organizations Hinder Peak Performance with Outdated and Overly Restrictive Approaches that Cost Individual Companies More than $20 Million Annually
ARLINGTON, Va., April 15, 2013 /PRNewswire/ -- CEB (NYSE: CEB), the leading member-based advisory company, has released its latest Executive Guidance indicating that 72 percent of companies are hindering peak performance with outdated and overly restrictive approaches to information security. In today's collaborative work environment, ability to access and leverage information is more critical than even before to drive productivity and growth. Unfortunately, most companies are working with outdated policies that limit this access, resulting in as much as $20 million in performance drag annually for large organizations.
In a study of 3,000 executives and more than 220,000 employees, CEB found that companies must change the way they think about information risk shifting from a "reduction" to a "management" mindset in order to maximize productivity and achieve business goals. Given that 81 percent of senior executives report that new uses of information are central to their growth strategy and 93 percent of employees admit to violating information security policies because they prevent them from doing their jobs effectively, organizations must learn to balance the risks and rewards of information access as a necessary cost of doing business.
"Most risk managers mistakenly believe their role is to reduce risk. Instead, the primary goal of information risk management must evolve from risk reduction to maximizing the business value of information," said Jeremy Bergsman, managing director, CEB. "Business unit leaders need to manage information risk differently to taking accountability for decision making. Risk management functions, including information security, legal and enterprise risk management, must work jointly to define the scope to be managed and the set of activities necessary for business leaders to successfully share responsibility."
Business leaders seeking to manage risk effectively should stop risk managers from focusing on risk reduction, and instead direct them to empower business unit leaders to share in the risk management process. By redefining information risk management as maximizing the business value of information, organizations can make responsible decisions that increase productivity and drive growth.
CEB is the leading member-based advisory company. By combining the best practices of thousands of member companies with our advanced research methodologies and human capital analytics, we equip senior leaders and their teams with insight and actionable solutions to transform operations. This distinctive approach, pioneered by CEB, enables executives to harness peer perspectives and tap into breakthrough innovation and improvement without costly consulting or reinvention. The CEB member network includes more than 16,000 executives and the majority of top companies globally. For more information, visit www.executiveboard.com.