Percentage of top risks assessed that are cyber

This measure calculates the percentage of top risks (e.g., enterprise-level risks) assessed that are in the cyber category. Cybersecurity is defined as the ability to protect or defend the use of cyberspace from cyber-attacks. It is the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this, including defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. This Supplemental Information measure is intended to help companies evaluate additional variables related to the process group "Manage enterprise risk".

Benchmark Data

Lock

Sorry! Not all users have access to all of our resources.

Want to unlock access to all of our resources?

Learn about Membership Arrow with stem
Measure Category:
Supplemental Information
Measure ID:
107812
Total Sample Size:
219 All Companies
Performers:
25th
- Median
- 75th
-
Key Performance
Indicator:
No

Compute this Measure

Units for this measure are percent.

Back to Top
Percentage of top risks (e.g., enterprise-level risks) assessed that are in the cyber category

Key Terms

Back to Top

Cybersecurity

Cybersecurity is the ability to protect or defend the use of cyberspace from cyber-attacks. It is the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this, including defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.

Measure Scope

Back to Top

Cross Industry (7.3.0)

  • 11.1.1 - Establish the enterprise risk framework and policies (16439) - Creating an agenda for the rules and regulations of enterprise risk that deal with hazardous, financial, operational, and strategic risks.
    • 11.1.1.1 - Determine risk tolerance for organization (16440) - Recognizing the organization's tolerance for risk, given risk-return trade-offs for one or more anticipated and predictable consequences.
    • 11.1.1.2 - Develop and maintain enterprise risk policies and procedures (16441) - Establishing and maintaining the policies and procedures for managing risk. Create rules and regulations for enterprise risk dealing with hazardous, financial, operational, and strategic risks.
    • 11.1.1.3 - Identify and implement enterprise risk management tools (16442) - Recognizing and implementing tools for managing risk. Identify and apply enterprise risk management tools. Leverage methods and processes to manage risks and opportunities associated with business objectives.
    • 11.1.1.4 - Coordinate the sharing of risk knowledge across the organization (16443) - Communicating the knowledge about risk within the organization. Identify operational risks. Share risk information within the organization.
    • 11.1.1.5 - Prepare and report enterprise risk to executive management and board (16444) - Preparing and presenting reports about enterprise risk to the management of the organization. Create reports for management on hazard risks (e.g., property damage and liability torts), financial risks (e.g., currency and liquidity risks), and operational risks (e.g., product failure, customer satisfaction, social trends, and competition).
  • 11.1.2 - Oversee and coordinate enterprise risk management activities (16445) - Coordinating to plan, organize, lead, and control the activities of an organization in order to minimize the special effects of risk on capital and earnings.
    • 11.1.2.1 - Identify enterprise level risks (16446) - Determining risks that could thwart objectives. Document and communicate the concern.
    • 11.1.2.2 - Assess risks to determine which to mitigate (16447) - Identifying options/actions to enhance opportunities and reduce threats. Recognize the root reasons of the identified risks.
    • 11.1.2.3 - Develop risk mitigation and management strategy and integrate with existing performance management processes (16448) - Developing activities to improve opportunities and lessen threats. Specify the organization's objectives. Evolve strategies and policies to attain these objectives. Assign resources to project objectives.
    • 11.1.2.4 - Verify business unit and functional risk mitigation plans are implemented (16449) - Checking that the blueprint created for managing risk in individual business units and divisions is correctly effectuated. Validate the implementation of all activities geared to mitigate risks.
    • 11.1.2.5 - Ensure risks and risk mitigation actions are monitored (16450) - Ensuring risk monitoring and mitigation activities. Monitor actions to enhance opportunities and reduce threats to project objectives.
    • 11.1.2.6 - Report on enterprise risk activities (16451) - Creating a report of activities to address hazard risks, liability torts, financial risks, operational risks, social trends, competition, etc.
    • 11.1.2.7 - Coordinate business unit and functional risk management activities (16452) - Coordinating risk management activities to improve opportunities and lessen threats. Specify the organization's objectives. Assign resources to project objectives.
    • 11.1.2.8 - Ensure that each business unit/function follows the enterprise risk management process (16453) - Checking each business unit's/function's options and activities to improve opportunities and lessen threats.
    • 11.1.2.9 - Ensure that each business unit/function follows the enterprise risk reporting process (16454) - Checking the reporting process of each business unit's/function's options and activities to improve opportunities and lessen threats.
  • 11.1.3 - Manage business unit and function risk (17462) - Analyzing the threats a business unit/function faces to prioritize the controls it implements..
    • 11.1.3.1 - Identify risks (16456) - Developing a timely and continuous process to identify activities that might hinder a project's goals.
    • 11.1.3.2 - Assess risks using enterprise risk framework policies and procedures (16457) - Determining the possibility that a specified undesirable event will occur using established tools, implements, and frameworks. Use risk assessments to determine, for example, whether to undertake a particular venture, what rate of return a particular investment requires, and how to mitigate an activity's potential losses.
    • 11.1.3.3 - Develop mitigation plans for risks (16458) - Developing possibilities and arrangements to improve opportunities and reduce deviations to project objectives.
      • 11.1.3.3.1 - Assess adequacy of insurance coverage (18129) - Evaluating the changing needs for insurance coverage. Research available insurance providers and offerings.
    • 11.1.3.4 - Implement mitigation plans for risks (16459) - Executing mitigation plans to improve opportunities and reduce deviations to project objectives.
    • 11.1.3.5 - Monitor risks (16460) - Identifying, examining, and recognizing/justifying any improbability in investment decision making.
    • 11.1.3.6 - Analyze risk activities and update plans (16461) - Examining the impact of risk activities in order to update the existing scheme of risk management. Analyze and substantiate the potential for adverse consequences to occur. Consider the risks associated with the activity and the methods available to manage those risks.
    • 11.1.3.7 - Report on risk activities (16462) - Creating reports on risk activities, and communicating them to management. Prepare reports on the potential for adverse safety consequences.