

Security protection of new technologies (part of achieving digitalization) needs to be integrated strongly with risk management and governance, and this should be reflected in organization-level changes, rather than being seen as solely a technical matter.


  • The relentless increase in the intensity of IT within organizations, and the ever more rapid technological change being adopted within business processes, mean that risks relating to IT are a more important organizational concern than ever.
  • The continuing elevation of the business status of technology must be matched by greater maturity in considering the related risks, and in applying business knowledge to drive the right approach to protecting the value that should accrue from technology investments.
  • The capability to manage risks arising from technologies delivered as services, from outside enterprises, is increasingly important to organizations under digitalization initiatives, and for many this will be an area requiring new resources and expertise.

Features and Benefits

  • Examines how the scope and integration of risk management and security must broaden to cover new risks from digitalization.
  • Identifies how addressing issues around organizational structure and processes is as important as those relating to technology.
  • Explains how integrating risk management with security enables focus on relevant business objectives.
  • Gives examples of how new technologies involve potential risks for security and risk management to address.

Key questions answered

  • How should CISOs' roles evolve to meet new security and risk challenges from digitalization?
  • How can risk information relating to security issues be used as a source of organizational value?

Table of contents


  • Catalyst
  • Ovum view
  • Key messages


  • Recommendations for enterprises
  • Recommendations for vendors
  • Recommendations for service providers

The scope of risk and security management must broaden to cover new risks from digitalization

  • Governance principles must control technology delivery and use
  • Digitalization focuses perspectives on information value and risk

Addressing organizational structure and processes is as important as technology

  • Security and governance should be integrated with board-level responsibilities
  • CISO responsibilities are increasingly critical to all types of organization

Integrating risk management with security enables focus on relevant business objectives

  • Risk insight enables security problems to be analyzed in a business context
  • Risk should underpin business cases for security investment

Security and risk management must address new technologies that constitute potential risks

  • Rigorous management capabilities typically lag the maturity of new technologies’ adoption and implementation
  • Risk and compliance management of externally provided technology is a rapidly increasing requirement


  • Methodology
  • Further reading
  • Author