The recommendations are made in Threat Horizon 2014: Managing Risks When Threats Collide. The report challenges the traditional approach of managing security risks within the information security function and recommends that organisations take a much more strategic, business-wide approach.
"Traditional risk management is insufficiently agile to deal with the potential impacts from activity in cyberspace," said Steve Durbin, ISF global vice president.
"Organisations must extend risk management to become more resilient, based on a foundation of preparedness. We are advising our members that this is the year of resilience and to be prepared to move at the speed of a Tweet," he added.
Threat Horizon offers a view of the increasing threats in today's interconnected world to help with a new approach, including:
o External threats that come from the increasing sophistication of cybercrime, and attacks on systems that have a physical impact in the real world.
o Regulatory threats that come as regulators call for greater transparency about incidents and security preparedness, while increasing requirements for data privacy.
o Internal threats that come as business adopts new technology without fully understanding the risks.
"From cyber to insider, organisations have varying degrees of control over evolving security threats," added Durbin.
"With the speed and complexity of the threat landscape changing on an almost daily basis, we are seeing businesses being left behind, sometimes in the wake of reputational and financial damage - they need to take stock now to ensure they are fully prepared and engaged," he added.