8. Failing to maintain continuous and measurable risk management initiatives.
You might have a disaster recovery plan on file, but the last time anyone updated it was two years ago, and it is badly outdated. Risks are always evolving, and new vulnerabilities emerge every day. Risk management is not something you do once and then forget about. You need updated, ongoing, real-time overviews of your risk mitigation activities in a format that doesn’t bog you down. It is possible.
9. Ineffectively prioritizing and inefficiently allocating resources to deal with risk.
Once you have completed your risk assessment, you are faced with the often paralyzing task of figuring out what to do next. Which problem demands the most attention and money? There are hierarchies of risk, and a good risk manager can help you systematically tackle the most pressing needs first.
10. Not properly preparing and educating your employees for emergencies.
A tool is only as effective as the person using it. If your employees are not properly trained to implement your contingency plans and security policies, your risk management efforts will be wasted. When you are busy, it might seem impossible to allocate time to educate your staff on what to do when the server crashes, the phones go down, or the office floods. But when disaster strikes, you will be relieved you did.