Is Your Company Taking Risk Reduction Too Far?

                Is Your Company Taking Risk Reduction Too Far?

According to CEB, 72% of Organizations Hinder Peak Performance with Outdated
and Overly Restrictive Approaches that Cost Individual Companies More than $20
Million Annually

PR Newswire

ARLINGTON, Va., April 15, 2013

ARLINGTON, Va., April 15, 2013 /PRNewswire/ -- CEB (NYSE: CEB), the leading
member-based advisory company, has released its latest Executive Guidance
indicating that 72 percent of companies are hindering peak performance with
outdated and overly restrictive approaches to information security. In today's
collaborative work environment, ability to access and leverage information is
more critical than even before to drive productivity and growth.
Unfortunately, most companies are working with outdated policies that limit
this access, resulting in as much as $20 million in performance drag annually
for large organizations.

(Photo: )

In a study of 3,000 executives and more than 220,000 employees, CEB found that
companies must change the way they think about information risk shifting from
a "reduction" to a "management" mindset in order to maximize productivity and
achieve business goals. Given that 81 percent of senior executives report that
new uses of information are central to their growth strategy and 93 percent of
employees admit to violating information security policies because they
prevent them from doing their jobs effectively, organizations must learn to
balance the risks and rewards of information access as a necessary cost of
doing business.

"Most risk managers mistakenly believe their role is to reduce risk. Instead,
the primary goal of information risk management must evolve from risk
reduction to maximizing the business value of information," said Jeremy
Bergsman, managing director, CEB. "Business unit leaders need to manage
information risk differently to taking accountability for decision making.
Risk management functions, including information security, legal and
enterprise risk management, must work jointly to define the scope to be
managed and the set of activities necessary for business leaders to
successfully share responsibility."

Business leaders seeking to manage risk effectively should stop risk managers
from focusing on risk reduction, and instead direct them to empower business
unit leaders to share in the risk management process. By redefining
information risk management as maximizing the business value of information,
organizations can make responsible decisions that increase productivity and
drive growth.

To learn more about the challenges of information risk management, visit CEB's
Executive Guidance.

About CEB

CEB is the leading member-based advisory company. By combining the best
practices of thousands of member companies with our advanced research
methodologies and human capital analytics, we equip senior leaders and their
teams with insight and actionable solutions to transform operations. This
distinctive approach, pioneered by CEB, enables executives to harness peer
perspectives and tap into breakthrough innovation and improvement without
costly consulting or reinvention. The CEB member network includes more than
16,000 executives and the majority of top companies globally. For more
information, visit


Contact: Shannon Eckhart, CEB, 571-303-4508,
Press spacebar to pause and continue. Press esc to stop.