Data is a Security game-changer

Harnessing data is often seen as the cure for a lot of industry ails, however most companies are not at the stage of being able to implement data analytics processes and platforms. In fact, in my experience I often get the impression that even being able to collect data is a big challenge to many larger organizations. Their information comes from a variety of systems that each have their own characteristics and data structure. Getting to the point of collecting useful and integrated data requires significant investment, but will certainly help Security departments deliver on their remits.

Once the data is collected, being able to analyse it requires knowing what to look for. This involves identifying key performance indicators and pinpointing where the Security department can contribute and add value to the organization. The issue of changing perceptions of the Security department as just a cost driver has been discussed at length, and strategic data usage can definitely support this (see Kim Rahfaldt’s latest piece in Security Magazine). 

Ultimately, having useful data and the ability to analyze it quickly will likely be the game-changer that enables Security to come into its own as a value-adding department. In particular, I believe that the use of predictive analytics to spot trends in the risk landscape and suggest relevant measures will be a critical value driver that really shifts the perception of what Security departments can offer.

We are on this journey with our platform. Our initial analysis underlines that the data is out there, with basic statistical analysis providing a solid basis for identifying changes in risks and suggesting relevant ways to address them.

Data is a Security Game-Changer

How do you begin to understand your security risk culture?

As the old adage goes, “culture eats strategy for breakfast”. A great security risk management strategy will go nowhere if your organization doesn’t have the right culture to implement it.

So how do you go about understanding what your culture is, and what the gaps are between this and where you want to be? Chances are, you’ve already got the data you need to back up what you’ve seen from your experiences and conversations. You can use this data to highlight behaviors, outcomes, trends and hotspots in your organization’s security risk management.

 How have you addressed understanding and changing security culture in your organization?

culture data.png

Are you using data operationally, or are you using data to improve business performance?

New research from Marsh and RIMS shows the majority of Risk Managers are using risk management data for operational tasks such as insurance renewal decisions, providing data to external parties and for ad-hoc enquiries and situations. Only a minority are using data to support strategic planning, improving long-term operational performance and making adjustments to risk management strategy.

How do you use risk management data in your organization, and does it align with your security risk management goals?

Risk management data use.png

How successful is your organization at having data-driven security conversations?

Security management questions may seem straightforward, but quickly and accurately responding to them often involves a lot of behind-the-scenes manual data gathering, processing and analyzing.

Organizations are dealing with more security data than ever before, which can easily overwhelm these manual processes and make it even harder to use data to drive security risk management decisions. A more streamlined approach using cloud-based management platforms would actually enable your organization to make the most of the growing amount of data, perform quicker analyses and provide a more immediate and accurate overview.

What’s holding your organization back from taking a more data-driven approach to its security risk management?

Security risk management and data management