Information and security management have often been measured in terms of costs incurred, instead of business outcomes achieved. This is changing as uncertain operating conditions for businesses mean commercial growth is increasingly tied to an accurate understanding of risk. But digital transformation presents new challenges for organisations that want to gain a clearer view of their IT assets, technology risks and vulnerabilities.

"Cybersecurity is a top three risk. We recognise that as a leadership team and as a company, so it will feature quite significantly in 2023."

Chief Information and Security Officer
FTSE 100 packaging business

To address this challenge, senior leaders are developing new strategies to embed information risk management into the fabric of how they do business. Amid this change, we wanted to uncover whether gaps still exist between the ideation of these strategies and the actual maturity of their implementation.

"SecOps models are important because it shows a different
kind of mindset into how security fits into the overall
operations of the organisation"

Que Tran
Regional Chief Information Officer, DP World

In this report, we explore the contextual push and pull factors influencing the information and security sector’s level of maturity. We then outline commonly referenced gaps between the expectation and the reality when it comes to information risk management. The report concludes with guiding principles to help close the expectation gap between strategy and implementation.

Download the report to find out how to move from expectations to reality in information risk management. Benefit from guiding principles and advice from industry leaders, and take away simple but effective strategies to safeguard your organisation's information for competitive advantage. 

Interviewees