© 2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This presentation, including all supporting materials,
is proprietary to Gartner, Inc. and/or its affiliates and is for the sole internal use of the intended recipients. Because this presentation may contain information that is confidential,
proprietary or otherwise legally protected, it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates.
Top 5 Cyber and IT Residual Risks
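[Figure: risk heat map. Axes: SCALE OF LIKELIHOOD (PROBABILITY) and SCALE OF SEVERITY (IMPACT). TOP 5 RISKS entries legible in the list: "Theft, Loss or" (text cut off); R02 Cybercrime - Ransomware (labels SMALL, HIGH); R05 Online Brand Risk - Social media misinformation (labels INSIGNF’NT, HIGH).]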
Classification: Internal
Top 5 Cyber and IT Risk Profile
[Figure: risk heat map. Axes: SCALE OF LIKELIHOOD (PROBABILITY) and SCALE OF SEVERITY (IMPACT). TOP 5 RISKS entry legible in the list: "Theft, Loss or" (text cut off). Legend entries: Rx = Residual Risk #; Rx = Inherent Risk #; Within Risk Tolerance; Outside Risk Tolerance.]
[Figure: risk heat map. SCALE OF SEVERITY (IMPACT): MINOR, MODERATE, MAJOR, VERY SIGNIFICANT, CATASTROPHIC. SCALE OF LIKELIHOOD (PROBABILITY): ALMOST CERTAIN, PROBABLE, POSSIBLE, UNLIKELY, ALMOST NEVER. Plotted risk markers: R1 to R7.]
Comprehensive List: Cyber and IT Residual Risks
[Figure: risk heat map with risk list. Axes: SCALE OF LIKELIHOOD (PROBABILITY): RARE, UNLIKELY, POSSIBLE, PROBABLE, ALMOST CERTAIN; SCALE OF SEVERITY (IMPACT). Legend: Rx = Risk #.]
RISK LIST (columns: RISK DESCRIPTION, RESIDUAL RISK LEVEL, COMMENTS)
R1: Cybercrime - Business Email Compromise. Residual risk level: LOW
Control Effectiveness of Top 5 Cyber and IT Risks
[Figure: quadrant chart. Vertical axis RESIDUAL RISK: Extreme, High, Low, Minute. Horizontal axis CONTROL EFFECTIVENESS: Highly Effective, Partially Effective, Ineffective. Quadrant labels: Management Critical; Immediate Action Required; Modest Concern; Periodic Monitoring. Key: Residual Risk (Lower to Higher); Risk Velocity (Slower to Faster). Plotted risks legible in the chart: Theft, Loss or Improper access to Data - PCI Data; Theft, Loss or Improper access to Data - Sensitive Customer Data.]
Gartner for IT Leaders tool
Issue Management Progress
[Figure: chart by month, Mar-20 through Oct-21, plus "After Oct-21". Legend: On Track; New/Reopened; Overdue; Closed/Pending Closure; Projection.]