About The Institute



What is Digital Risk Management?

Digital Risk Management (DRM) provides a practical, analytical discipline for managing digital risk from a business perspective, by enabling business and technology leaders and their security partners to collaborate on business aligned decisions.

DRM defines a foundation for managing risk across various functions by relying on the quantification of the business impact of digital risk. This enables business leaders to understand the risk profile of their operations from a business perspective and for the organization as a whole to make risk mitigation decisions based on the level of operational and financial risk.


Who is the DRM Institute?

The DRM Institute is a 501(c)(3) nonprofit organization whose aim is to analyze industry-specific digital failure scenarios, create standard DRM knowledge, and promote best practices for managing digital risk from a business perspective.

The backers of Waverley Labs started the DRM Institute following the request by business leaders, risk officers and security executives to create a forum where they could learn about digital failure scenarios and define a common set of decision-making processes for managing digital risk across the enterprise. An independent board of directors is being created. Waverley Labs remains the Institute’s technical advisor.

The mission of the DRM Institute is to serve its members and our profession by defining a decision-making framework that creates and sustains business value by balancing the need to protect the organization with the need to run the business. The Institute’s objectives are to publish a generally accepted set of DRM knowledge and best practices across various industries and facilitate benchmarking against those practices.


Who Can Participate?

General membership in the institute is open to qualifying Business Executives, Risk Officers and CISOs at no cost. Our discussions center on analyzing digital failure scenarios, on creating standard DRM knowledge, and on managing digital risk from a business perspective, though extend to related topics such as security management, compliance, risk mitigation planning and response.


Learn about our membership >