4 out of the 5 most common mistakes that companies make when it comes to risk management and security

– and how to go about it!


The 4th mistake when it comes to security and risk management in companies is the common assumption that security belongs only within IT.

Security is often addressed from the technical point of view only, missing people, awareness, discipline and behaviour. Security is about covering the entire organisation. That’s why I often ask: what’s most valuable to you in the organisation? That’s where you need to start.

We need a broader understanding of the term "security", and it simply has to be an integrated part of the business, not just of IT.


Build your security framework on the basis of compliance and risk – but understand that you need the bigger picture. If not, it’s just expensive and in the way.

You can find the other common mistakes here:

1st common mistake: Lack of or inadequate dialogue between the business and IT
2nd common mistake: Inadequate Risk Management
3rd common mistake: Compliance is something from another planet