5 out of the 5 most common mistakes that companies make when it comes to risk management and security

– and how to go about it!

In the last blog posts we’ve been sharing the most common mistakes we see in companies when it comes to risk management and security. Did you miss the other posts? Find them here: [1/5], [2/5], [3/5] and [4/5].

The last common mistake I often see is:

# 5: Top management doesn’t understand the value of security initiatives

There are several reasons for this. First of all, the cost of security is not connected to the business and is therefore not appreciated by top management.

This is a big mistake.

As I have mentioned before, security initiatives need to be an integrated part of the business.

Thus, security and risk management have to be connected to the overall strategy of the company, and top management needs to understand that a lack of security can have huge consequences for the business.

There is something called organisational culture, and it must be cultivated from the bottom to the top. However vague or abstract it may seem, it is the responsibility of the management team to do this cultivation. One point would be to instill what might be referred to as the risk and security mindset.


Read more about measuring this culture and the mindsets needed in relation to risk, compliance and security here.

Read the rest of the common mistakes here