In a nutshell

Answer to the research question

The research question is how companies can systematically link their information security practice with their operational risk management strategy and practice to achieve superior benefits.

The answer, based on the reviewed literature, would be that the three necessary elements for organisations to obtain superior benefits are:

• The presence of a committed management (setting risk objectives and appetite). The reviewed literature and the survey results show that this is the first necessary requirement.

• The development of a strong information security practice as part of a holistic enterprise/operational risk management (ERM/ORM) approach.

• The alignment of enterprise risk management with the business strategy. This study explains that doing business means taking risks, and the survey results show the relation between strategic alignment in risk management (RM) and benefits for the organisation.

Stakeholder value, new business opportunities and better governance are currently the most likely superior benefits to achieve, according to the surveyed experts.

Therefore, as Jean Noel Ezingeard states, "an integrated operational risk management approach seems to be the cornerstone of success and will deliver beyond the risk management functions".