Abstract
As a component of enterprise risk, risk management has in the past primarily dealt with downside risk, or protecting the bottom line. However, in the newly transformed, distributed digital workforce, business success requires a measured appetite for risk in order to achieve top-line growth. In other words, the real gap is the tools needed to evaluate both upside and downside risk when it comes to emerging technologies, because the digital world in which all businesses must now operate for growth engenders inherent risk. This means that taking on risk is important for top-line growth, just as minimizing risk is important for protecting the bottom line. Therefore, the real challenge is not in minimizing risk but in optimizing risk and reward. To answer the question of how we can enhance top-line growth and provide bottom-line protection through optimizing risk, a complementary risk/reward evaluation structure was created. The core components, key definitions and the connection with the previous foundation material will be explained. The risk optimization system was evaluated by business leaders who tested the framework by focusing on corporations across different industry verticals that utilized emerging technology impacted by both risk and reward.
Data availability
Data is summarized and is available upon request. The study was qualitative in nature.
Code availability
Not applicable.
Funding
The authors have no relevant financial or non-financial interests to disclose.
Ethics declarations
Conflict of interest
Employment: Recent (while engaged in the research project), present or anticipated employment by any organization that may gain or lose financially through publication of this manuscript. Financial interests: Stocks or shares in companies (including holdings of spouse and/or children) that may gain or lose financially through publication of this manuscript; consultation fees or other forms of remuneration from organizations that may gain or lose financially; patents or patent applications whose value may be affected by publication of this manuscript. The authors have no conflicts of interest to declare that are relevant to the content of this article.
About this article
Cite this article
Miller, H., Griffy-Brown, C. Evaluating risk for top-line growth and bottom-line protection: enterprise risk management optimization (ERMO). Environ Syst Decis 41, 468–484 (2021). https://doi.org/10.1007/s10669-021-09819-x
DOI: https://doi.org/10.1007/s10669-021-09819-x
Keywords
- Risk management
- Emerging technologies
- Enterprise risk management
- Risk optimization